Duration 40:11
16+
Play
Video

Citrix Synergy TV - SYN148 - Enhance the security of your Office 365 apps with Citrix Endpoint...

Michael Bowlin
XenMobile Cloud Architect - Rapid Deployment Team at Citrix
  • Video
  • Table of contents
  • Video
Citrix Synergy Atlanta 2019
May 21 2019, Atlanta, GA, United States
Citrix Synergy Atlanta 2019
Video
Citrix Synergy TV - SYN148 - Enhance the security of your Office 365 apps with Citrix Endpoint...
Available
In cart
Free
Free
Free
Free
Free
Free
Add to favorites
401
I like 0
I dislike 0
Available
In cart
Free
Free
Free
Free
Free
Free
  • Description
  • Transcript
  • Discussion

About speakers

  • Michael Bowlin
    XenMobile Cloud Architect - Rapid Deployment Team at Citrix
  • Alex Rubio
    Principal Product Manager, Enterprise Mobility at Citrix
Over 19 years of experience leading a wide variety of functional teams in a software engineering organization delivering strategic and profitable product releases. A proven track record leading market analysis, product planning, and product releases.

About the talk

Topic: IT

Most organizations use Office 365 in some form today and many others are exploring Intune for managing their devices. Learn how Citrix Endpoint Management helps secure Office 365 apps and complements Intune. We will cover the various options you have for mobile device management and mobile application management, and address why you should consider using Intune and Citrix Endpoint Management side-by-side to deliver a secure workspace to your end users.Note: This session will be available for on-demand viewing post-event on Citrix Synergy TV.

Share

Hello, everyone. How's it going? Good. I'm still waiting like a hundred more people to show up, but we'll just 00:04 hang out. Good news is the first time I've ever had a meeting room with bathrooms in it. So if you guys feel the need to go to the bathroom the doors 00:13 hope it you're not going to miss the show. We're good here. Well, my name is Alex Rubio product manager for endpoint management. 00:23 This is Mike Boland. Remember, they employ management rapid deployment team and I think we've both been here really long time and point management. 00:32

If you have any other questions after the meeting feel free to come up and and asked us and we'll we'll we'll make our best to answer for you today. 00:41 We talkin about how we enhance Office 365 with endpoint management, right? And we get asked this quite a bit. Right? Why do you need 00:51 endpoint management when you have Office 365 and into play so we have this conversation probably on a weekly basis with customers and we figured we 01:01 get some high-level pointers, you know, so as level as you know, there's a high-level session to too kind of, you know help you guys as your decision, 01:10

you know, we've talked to a couple of you and there's like twenty past you could take you know, which between endpoint Management in InTune and Office 01:18 365 and the the number of device. Cuz you have if you're doing MGM if you doing ma'am, there's a lot of options today. We're to cover some of those 01:26 but if you still feel like, you know, you have a particular question is what we are going to have time at the end. I'm trying to make this probably 01:35 around 30 minutes. We have time to fur to have a discussion with a little help us out. So in the event of time, we have a 5 top reasons, you know when 01:42

you want to talk about how we want to add value and how are Citrix adds value with an Office? 365 number one is workspace integration. Obviously, you 01:51 know, we were workspaces is our our new you know from last year. We announce that we we're all we're doing we're doing a lot of adding value to work 02:01 space and we want to make sure that's the best experience for you with with endpoint management. That's one of our big goals is is making sure that 02:10 that experience that you have and the ability to manage your urine points with with Citrix workspace is the best that we have in the industry. 02:18

Number two is our internet into integration rights. We've done a lot of work with Microsoft and we have some, you know, very unique offerings that we 02:31 do and we'll go get into that. If you want to use Entune Azure endpoint, you know device management solution again, we are the best 02:40 EDM for Citrix workspace and am I going to go through some of the Windows 10 policies in IOS and Android policies that you want to set up for securing 02:50 Office 365 Answer to me again one of our big, you know Flagship product write everything starts in with your mail. And we want to make sure that that 03:00

is is clear when we're going through these, you know, when you're going through these decisions is which is going to be your mail client right again 03:09 use Outlook and you use melee can use native. So you want to make sure that you have that that data in on hand for that and lastly we have is our 03:17 content collaboration solution. Which again we bring this up a lot when it when I get there when I talk to customers around, you know, what what is 03:25 you know when drivers what is one thing right you get that but there's still a lot of other things you have to take into account. So we'll talk a 03:33

little bit about that. The moving into work space, you know, the biggest thing that we're moving towards right is a unified user experience. I'm sure 03:40 you've seen this in a lot of other slide, but everytime I talk to a customer and I talked about workspace. I'm asking what is it workspace to you? 03:49 Right and everybody has something different to say and I and it may be that we are not the best at naming this cuz overloaded term but when I talk 03:57 about work space I'm talking about the workspace mobile experience. And that means that you have work space as a platform write your old store Front 04:06

server is running on the cloud rice. You have your new workplace service and what endpoint management is doing is integrating with that, right? So you 04:14 have your workspace app locally on your device and secure Hub. And your and your MDM solution right is is integrated with that. So you have a single 04:23 page where you have your native apps your sass Ops your virtual ass and desktops and your files right to Destin. Experience. 04:33 So when you hear me talk about worst days. This is what I'm talkin about. We still have secure we still have our stand alone and play management 04:42

solution, which is a secure Hub in the App Store and app store inside of that and that's still there today in the end. Most customers are still using 04:49 that but we're talkin about a solution that's going to integrate directly with Citrix workspace. And again, that's what we're selling today. Right? 04:55 We're selling Citrix workspace premium and premium plus SKU, right? It's in our employ management SKU is not really so stand alone anymore. Right? 05:02 It's all part of the Citrix workspace week. So this is what we want to do. We want to integrate and and make this Valley that that you have and I'm 05:12

sure a lot of you are virtual app and desktop customers and you want to see how you can easily integrate your your your management off of mobile 05:20 devices and mac and and and windows as part of this right as a quick show of hands. How many of you guys have are using endpoint management today? 05:27 Okay, have you guys are using InTune as well for managing office apps yet for Mobile in K anything anyone using 05:38 Windows 10 or Mac management? Now you just milk out. All right, and so, you know 05:48

all the different options that you have to come up with an and think about as as you're going through this one of the other things in here, you know 05:57 is single sign-on. So we've done a lot of work when we talked about work space. We redesigned the way that are authentication works from the mobile 06:05 side to allow for a better single sign-on experience with our secret identity platform, right? So we're using Citrix Cloud we can now a fennec 8 with 06:14 work space app with secure Hub with Citrix files with Citrix us so app and they all share the same SSO token. So as long as you have one of those 06:23

apps installed and you have the workspace experience enabled those apps will will will single sign and I'll talk a little more about one more a 06:33 future coming through that for that. And that's mobile SSL. So when we are so, you know, I just mentioned all of our first party apps or Citrix apps 06:42 are signed with the same certificate. So it's easy for us to single sign-on across those devices. Right? It's shared. So so iOS makes it easy 06:52 what is not easy is being able to use the same, you know, sam'l token that we have an authenticated with other third-party 07:02

apps like work day and and sap in all of those. So that's what this this feature is about, right? It is on your mobile device you want to be able to 07:11 install native apps that are public app store apps and be able to single sign on to those with our work space credentials. 07:20 And as well that feature is pick preview. We just announced it this week is going to be Tech preview. So if you guys are interested in that, please 07:29 reach out to me after and we can set up a tech preview in and get you going to try it out. It'll be GA soon. We want you no more make sure that he 07:37

will have to try it out and give us feedback before we release it out of her Dann. So this just so you know about this 07:47 requires the workspace experience to be turned on so have endpoint management integrated with work space as well as using are SAS apps, 07:57 right? So any app that today we have with part of art are Gateway service with our staff solution. We you can have the native third-party 08:07 support. so intern immigration Yeah, so, you know when when we talk to 08:17

customers that have done work with InTune. They've got Office 365 out there. They're trying to put on her mobile devices, you know, this on Prime 08:27 access is probably the number one reason that you know, Microsoft want to partner with us. The customers want to talk to us about it is because 08:36 Microsoft doesn't have a good answer for their applications coming in. So rather whether you are a Entune customer in this 08:44 gone all-in tune and you need on Prime access that's an option for you if you're a customer, but it started a look at this probably a year-and-a-half 08:54

ago. You probably looked at it with rndm with InTune mam in play and recently this year. A lot of people aren't aware that we can do our full 09:02 Enterprise in point management solution with InTune as well. And so regardless of the mode you're running in we 09:11 have a way to help you address some of these challenges. And so, you know like how to send secure mail is one of the big drivers, right? That's the 09:21 key application everyone's using so you have an option in your deployment of do I put secure mail in the into container or do I put in a secure mail 09:29

in the MDX container? And so your your business requirements will determine where that goes but you have options with that and what's 09:39 that you have the InTune managed browser. So if if you're a secure web user right you if you go to the into space you would use the Microsoft managed 09:49 browser. I'm not the one that has the VPN pre compiled into it. So it's ready to go when you get that on Prime access and if you got your internal 09:59 apps that you need to put in the container as well. You can wrap those apps and bring them into the space and get on Prime access for those as well. 10:08

And part of the beauty of this is that you know, rather than having as an admin trying to figure out what console do I go in for the 10:15 configuration of an app for a given set of User. It's all built inside the citrus cloud and we use the graph API to ride that information into InTune. 10:25 So unless you're doing some really complex things are some you think unique things inside of InTune for a lot of customers. There's no need to even go 10:33 into the end Basra portal to even do things with the entombed console. So as as a customer for you, 10:40

a lot of you guys are in point management customers already today, you've probably got some experience with a netscaler already. You set the 10:50 environment up the good thing for you is he knows secure mail policies the UI looks a little different because there's some slight changes between in 10:57 TuneIn endpoint management, but the policy settings that you see or what you're used to seeing today. And if you need to use the technology to look 11:04 similar to you they're so if you're in the Entune space, right the same SDK to provide the VP and capabilities for your MDX 11:12

applications does the same thing in into so that same learning that you've done of getting an Eskimo off the ground and making a VPN work is going to 11:21 fill almost exactly like what you're used to seeing in the past. So it simplifies our life there and if you're a customer that's integrated some 11:30 things like Casey D or things like that to do single sign-on if you've already got that on your MDX container Gateway the same thing will apply. 11:39 Directly crossover and can be lovers on the same netscaler. So a lot of that work you've already put in for some of those things directly translates 11:47

when you bring into an end to the Gateway as well. And by the way, it uses the same wrapping tools. So the same MDX tool kit that you use to wrap your 11:55 applications and your Enterprise apps that same toolkit as leverage when you're doing things in InTune is well-used. There's some additional pieces to 12:05 use for in tuned for the same components are there in love red. So there's a commonality of what you're doing there as well. So if you look at this, 12:12 right, this is where things get simple right? Because if you've already got your point management place with looks like a lot of you guys do that 12:20

netscaler the submarine IP and all those things that are passing through it right or already open you open up a new 4/4 report for the Gateway in a 12:28 certificate and now the traffic is coming in and just greatly simplifies your life. It has the ability to add the Microsoft authenticator to it. So 12:36 you got absurd trying to pass through that login of just tapping the app and accepting the authentication and help you transition from some of these 12:45 modern off technologies that you got him play. There's the capabilities inside the netscaler. Transition from the OA autocannon come into your network 12:54

here Lego Systems. So Mike and you know, it starts getting confusion cuz there's like 20 different 13:03 the point of methods you can use right if you want to use Entune side-by-side with with MDX you want to come by and I'm in one container. You want to 13:13 use us a sew in the back ends. There's a lot of things. So what I tried telling customers is what are your high? What is the highest use cases you 13:20 want to stall today? Right? And those are the ones we should focus on first and then you'll see how it lays out. Right? Cuz we weave I've mentioned 13:27

this to a lot of customers and eventually they're like, well, you know, I really just want these use cases where Office 365 I just want to make sure 13:34 that the data and there's no data leakage there, but I really low secure mail and MDX send a secure web works really well might want to keep that 13:43 right and then we can we can help you schedule that you know, like you lay that out for you so you can have that type of a deployment right other 13:52 customers are like I am moving to in tune in to Disney by MDM right? I really just want the key remote access. I that's my biggest use case right now 13:59

that I'm missing. So we we we go down the route of having secure mail and into mode and then having into managed browser as part of that with Mike 14:08 Rowe VPN to connect your own Prime resources, right? So those are the types of things and conversations. We want to have it at the beginning you were 14:16 here. This is a top use cases for mobile that that that I want to tackle for this right? Cuz there is a lot of different ways I can figuring this and 14:23 you can get lost and and frustrated if if you don't have that that kind of priority list and play. Yeah. I think it take away is is not perfect. Right 14:31

and it ghetto is Utopia that would be the case but their unit will need to consider use cases and then plan out. What makes the best sense for you, 14:40 you know, so I think a nice take away here is if you're an existing customer you want to add this on it's a trivial thing for us to go do that in the 14:48 cloud and in a matter of minutes you can extend that out in due. As radiant aggression into so it's pretty simple to get that off the ground. 14:57 Alright, so one of the things that we want an ounce today, so there's a couple new things coming with with InTune today with we're announcing the 15:09

ability to wait when you do conditional access. This is something customers ask about they're already using conditional access and they have a option 15:18 to a do at base conditional access today is really only Microsoft apps are in there. So what we're doing is we added secure mail. We are they got 15:26 approved it to be on the on top of that that white list of apps for for bass conditional access. So with part of 1955, which is an ER we have the 15:35 ability to do at base conditional access siamese, if you have secure mail running inside InTune, right, you can check that box inside conditional 15:44

access that says only allow app approved apps Might mobile apps to to to be proved that link is there they can go and check that out. So I enjoy it 15:53 would be probably a few Sprints a few new releases and it'll it'll come through as well. That's something that that that's new. Secondly part of the 16:02 same area there when you're using InTune MDM as as you're into Nazareth MGM when you log into company 16:10 portal and you install in tuning their right the first time that into launches you have to login again, so we fix that. So now when you 16:20

using secure mail inside into in the first time I logged in if you have Microsoft authenticator Microsoft calls of the broker enablement, you can 16:30 it'll flip over to Microsoft authenticator and single sign you on so you don't have to have that to sign-in process in there. So those two features 16:39 that kind of joint and that's being released soon. We have a couple of customers and waiting for that to to do the true single sign-on scenario in 16:46 that use case and lastly was the one I want to talk about was our announcement today at the key know where Microsoft's opening up the into an API. So 16:52

allow us to use our MDM. So we're using our employ management MDM solution we can then send Using Intergraph apis send that data 17:01 it over to conditional access so we can determine if you have if using device-based conditional access, you can determine if the device to complain or 17:11 not based on that potato ricer feature that I think I don't know if someone is either here, but they really been jumping up and down and asked you for 17:20 this cuz you know, we've had a lot of customers that that use conditional access today and they want to be integrated with Citrix. So this is huge for 17:28

us. So we're very happy to get this work going again that there's no time left on that yet. We're still working on that so that we will we will have 17:35 they won support when that those apis are available. Yeah, I would say 75% of the customers I speak to and I'm the team lead for EMS integration in 17:43 my group and almost everyone asked about that capability right specially as they start rolling out into their security team starts pushing 17:53 those sorts of conditional access rules and not having that. What was a bit of a hole so closing at home. the big thing for us 18:03

so the best unified endpoint management, right? So when you look at this, right? 18:12 The breath of the platform that we are able to cover from raspberry pies for the workspace hubs to 18:22 mactac Rome to iOS to Android, right? There's an extensive amount of work and time has gone in this gone into this. And so when you look at other 18:32 platforms out there, there's very few that come close to what we do and it's because it takes time to build the mindset of the endpoint 18:40

provisioning in configuring, you know, you see this in the what the new workspace is doing and how it integrates together and brings you're really the 18:50 endpoint management her or unified employment rights, bring me and receiver and all of your company ass and not just the mobile pieces to it, right? 18:58 This is big and it's what Gardener has been saying has been coming, you know about four or five years ago. They started telling us this is coming 19:07 right in he's a lot of us looked at him and said, they're a little crazy but you know, it's obviously happening. And so there's a lot of work that 19:14

goes into plug. Name of the various vendors like Samsung that let you Control operating system updates right in those are some big things for some of 19:21 our banks and and healthcare companies that need to be able to control that wouldn't make sense is that we plug in and handle a lot of the key use 19:29 cases here. So I thought I'd take a moment and talk about automated actions in this is something has been around for a long time. Right and a lot of 19:37 people using but people coming from the engine World tend to forget about some of this if you've ever tried to do things with conditional access, 19:46

especially in large organizations. It can be very challenging to try and figure out what conditional access rule is stopping something from working. 19:54 The number of the customers that I've worked with him in doing some of our integration you the worst it just wouldn't let an app run and so we go with 20:03 them and say okay we need to go figure out what this is and they come back 5 days later. We are we finally figured it out. Right and so decorate some 20:12 real challenges and what we found is some of the conditional access rules we can do with our automated actions and part of the benefit of that is 20:20

understanding the resulting set of policy is being applied to a client are all that information is deployed. Do you say it in the delivery groups in 20:27 our console? So it's easy to go see what rules are applying to a given user. And then we stand Beyond what's in the things they can to do in tune can 20:34 do by being able to things like when he a t account is disabled it automatically wipes the device. So when HR. Your terminate someone or someone 20:43 leaves the companies you're in point management. All the date on those devices is now protected automatically as opposed to someone in in the endpoint 20:52

management team having to know that that happened get the communication take the action took. This is a very common things people do and conditional 20:59 access good at looking at things like the Microsoft approved list, but when you have things that deviate outside of that I can start getting complexo 21:09 the number exclusion rules and things like that so we can be very very unique and specific about some things that were doing with 21:16 filter. I'm just a quick thing. I pulled out of kind of in TuneIn what you can do on their side of the house riding income the extensions that we can 21:26

do on ours. I don't know. I see some of the people in the room that I've done some work with automated actions. So being able to have one user this 21:35 testing. The real policies are going out for a set of users and filter out Alex or Mike or whoever maybe and be able to say what happens when these 21:43 rules apply to the Caesar don't apply to see the surface. It's a really allows you to build some really calm complex rule sets. It makes sense for you 21:51 as opposed to just kind of global policies apply to everyone and then when you try to need them, you need to pull someone out. It's very challenging. 21:59

So this has been really, you know of a kind of reminds people the features that are here that that are are are meaningful. 22:06 So let's step back for a second think about the real world and what it takes to push an application out. And so there are three 22:16 types of applications out there that you're going to manage their the public apps are on the App Store. They they're not programmed to accept 22:26 configuration settings are not programmed to run in a container. So what do I do with those right? How do I manage those apps in the best way possible 22:35

and then there's apps that support configuration policy. So those are apps that take apple configuration or Android Enterprise policies and can figure 22:42 them for you. And then the Nexus apps that play inside the container and the variations in those applications create challenges for the 22:51 the the deployment team and listen to let's talk a little bit of what that is right soap from our perspective in tune be at our side of the house 23:01 windows iOS Android Mac OS I think they come and take away are here. Is it in point management can help you manage these? There's different types of 23:10

technology and policy to push but there's a single location to go and configure all these things and we can attack it out of Windows 10 here at the 23:18 end because a lot of people view that is a kind of space that we've not played. Well in a lot of people are well aware of what we can possibly do 23:27 there. So let's take the person Area Public ass that there's you know, it is what it is. I got to make the best of it. There is some critical 23:35 things that you want to do here and part of that is important and forcing device encryption, right? If you can't wrap it you can't put it in a 23:45

container you got to make sure the device is secure and there's some exclusions for things like open insecure male, right? If you don't have Entune 23:51 maybe the office at start as secure as you'd like from the beach umbrellas, you can do some exclusions and only limited to go to those specific 23:59 applications, right so you can put exclusion for whatever a secure mail needs to open. You can control that. And then over the last column over there 24:09 is something to Alex pointed out to me recently that I didn't realize was there and that's the ability with a iOS restriction policy. Taxi say that 24:18

you can only only unmanaged apps can read information or transfer back and forth between manage Ave. So what day did he come into? This is a policy of 24:26 the OS will control that allows you to specify if the app is considered man made from an Indian perspective. I can control the data between the two 24:35 flows. So one of the challenges as bad that into is a container and Citrix has a container for the two aren't consider trusting of each other. This 24:44 will help you establish a trust between the two. Okay. So this is big a hole they need to be closed and it 24:54

helps right? Cuz if you're managing it, then the OS will help you manage those and it's not just office African the other apps that you pushed out as 25:04 well. Yeah, I mean, I think the one thing he write the one got to hear is that it does require MDM, right? Cuz that's the base layer 3 to control the 25:11 device when you want to have you know, two different separate areas. So if you want kind of a man solution, then you have to go at the next layer 25:19 which is the opening exclusions or have everything inside one container like in tune right and have secure mail in there. So that like we start 25:28

talking about all these options, but that's where you have to make that decision. Like, you know, can you use men p.m. For most of your users then you 25:36 have a pretty good solution, right? Yeah, I know what the ad that's something that we don't do a lot these days but it is something that's there that 25:43 a lot of meaning of healthcare companies tend to limit access based on if you're on the company Network or not, right? So there's always the option to 25:51 establish a VPN right outside of the MDX container, right? You can do an on-demand / a VPN and then if the Apple come through your 25:59

network and then it looks like you're coming from your network. So depending on how your application is deployed and what other rules you have for 26:09 desktops in various things that made me an answer for you to be able to manage that and secure it a little bit better. Take the 26:16 next step of apps that don't blame the container but Haskins configuration settings so that you can do so it allows you to go in and 26:26 configure the app and so on iOS there is the Apple app config option that allows you to push out some XML to configure it 26:36

from Android Enterprise actually come in a little later to the game actually does a little bit better job here. They give the option the console can 26:45 go read from the Play Store. What options are available to configure and present those to you. So now if I get a UI to edit this information as 26:54 opposed to kind of getting down into the weeds of XML and configuring it but one of the reasons why you needed to start thinking about Android 27:02 Enterprise and some of these capabilities that the device administrator option that we use when we do MDM on Android today is being deprecated. So you 27:10

need to start looking at that process of moving off device administrator and in on to some mode inside of hand. Enterprise in some of the benefits is 27:19 ability to start pushing these policies as well. So what was the next step and go 27:27 on into apps inside the InTune container? And so this is the back graphic here is an option for you to go in and look and see what it looks like in 27:37 the Central Library in this is where you can go and add apps into in point management. You can manage the App Store in TuneIn the your sass and class 27:46

and desktops are managed in situ here as well. So there's a common UI for you to go and look at it. It's a common place where you go to add 27:54 applications so that process that you're doing just starts repeating for you. And then once you pick one, they ask that you want to hear you pick it 28:02 for your platform and you go and configure policy just like you would in the endpoint Management console. So there's about depending on the app 28:10 somewhere between 14 and 70 some-odd plus policy options for you and secure mail really extends. Well beyond what into can do now I'm going to 28:16

do about 14 to 16 policies we can do in the neighborhood of 70. So depending on the app you get more features and capabilities. police are and then 28:26 one of the nice things about this is when you look at your security teams and auditing and things like that when you go in a Dan after doing is an 28:36 InTune administrator, so the activities that you do are audited inside of azure as that users identity. So there's not just one Citrix service account 28:43 that is doing all this work writing in you've got auditing of whatever user did inside your organization. And that's all just push me a graph API. 28:53

So the next faces Windows 10 and we will bring this up a because it's pretty cool. You can do be a lot of people aren't aware that we did this 29:04 when we've heard this on a lot of calls. It kind of surprised is a bit. So he knows a lot of people think with Windows 10 you get Wi-Fi VPN password 29:14 policies some basic things like that right in the end then you're done and and that's actually not true. If you see any of the other sessions, right? 29:23 You'll see some more about this but there's ability to control what a given task and read create update and where they can save it. For example, can 29:31

this application run on that gaming desktop? You can limit depending on the application there's times when you can specify what IP ranges and domain 29:40 names that it can access then gives you ability to audit all this information, right? So this is just a simple example of a document and it's stopping 29:48 the user from saving it and there's different ways you can kind of audit it and not tell the user that it happened. You can block it or you can Warn 29:57 them and give them the option to move on but this is stepping Way Beyond what a lot of people understand can can can happen here. So this is just 30:04

an example of a policy we can figure it in one of our test systems where it's kind of looking at what are the desktops apps in the app from the store. 30:14 What versions are supported? Right? And then debility is this app allowed to run on this device or not? Right? So you got some controls there. And 30:21 like I was talking about just another option down to bottom is what's my enforcement level here. Do I block it? Do I warn the user? So I just saw it 30:31 in the background what domains are allowed for this application to communicate for example. So for me, this is a bit of a surprise while back when I 30:39

realized it hold. I've been thinking about this wrong and communicated it wrong to our customer. So it's a lot of power here. School 30:48 so number 4 on the list is Sakura me a little bit about it at the beginning there. Really I want to emphasize right this is app is designed 30:57 exclusively, exclusively for Enterprise use cases, right one of the things that we look at right is every policy that we had every new feature that we 31:06 had. How is it controlled by the Admin right 10th Ave and turn it off. Can they use it how do they deliver to the user? We've we've heard it loud and 31:16

clear right? Every little change that happens to a user some companies have to write, you know article on it or explain it to users cuz I know they 31:23 get confused. So we try to take very clear, you know measures as we add new user experience features that they get delivered in a timely matter 31:31 and allow the admin to control it. Again, we know we already talked about it. But you know this app does working in InTune and it's in an ads on from 31:40 Exchange Server access that's still one of the key use cases that that you know feels want to do that. People are moving over to exchange online 31:50

Zine on the using hybrid modes as well. So that's easily migrate of all is well. So once you're ready you can start moving users to that. So there's a 31:59 lot of information they are a lot of a flexibility for secure mail. I think I might mention it but you know, I went through and I looked and we have 32:09 about 50 features that are controlled by policy just for the app that's not counting MDX right? I'm the ex still has like maybe another bunch of other 32:17 features as well. So, you know, we have that and it was in terms of future, please don't try reading this is just a high-level slides that First 32:26

Column is is secure mail will we have all these Enterprise specific features I can go in there. Are you can download the slide later. It's part of his 32:33 part of us outside ounces. Dot-com they can go in and look at this but it does show that this is a feature-rich client that that does provide, you 32:42 know, a lot of Valley for the Enterprises. So the last thing you want to talk about is such as content collaboration the one of the things that you 32:51 get right with offices one drive, right? So you have Office 365 you're all set right know. Where are 33:01

your files score today? Right? I haven't met a customer yet that he just completely happy with one drive and that they use that for everything and 33:11 it's great. Right? I'm sure there are people out there. I haven't haven't found one yet, but there is a lot of places today that you have access that 33:17 your father still stored at right in there all their on-prem their local you have network drives or in your inbox. So there's a lot of places that you 33:25 still have to deal with right and I think this is one of the area's I always talk to customers about is that we have the ability with Sheriff all or 33:34

sorry constant collaboration to to go in and and help you manage. This thing's right. So one of the things we do is we have we can do a hybrid 33:41 environment. We don't really care if your files are actually stored on our server we have Ability to do connectors that allow you to connect to these 33:50 different areas, right? There's a lot of people with box anything else right one Drive Unit. There's a there's a huge list of things here. As you 33:59 progress. You probably want your new files. It's tough to be stored it in a in a new location and that's unit slowly migrate. You can't do that from 34:08

one day to the next right now people have terabytes to petabytes of information out there that you want to slowly start migrating over maybe you want 34:16 to restrict one you still have access to that. So we have the flexibility of having that layer of management in there that allows you to do that. 34:23 Right? And when you connect that with some of the other things we talked about it does become a great solution all the stuff we talked to today right 34:31 is all part of the workspace premium solution, right? So you still have access to this you don't have to buy anything extra to get this working. So 34:39

those are the things that we want to you know, emphasized that there is still a lot of things to think about as you're moving as your Giving access to 34:48 mobile devices. How are they can access our files right? Are they going to connect through an app? Are they going to use OneDrive are they going to is 34:56 your files on Prim? You know, do you need a non-prime connector to connect through that is it is it you know, it is a private piano key using secure 35:05 SSL solution there. So once you have that list of information that you can make it and you know that the decisions but that's one thing that we've 35:13

seen and and usually, you know, cuss words come back saying yeah, this is this really helps us and it helps us improve our Office 365 adoption and and 35:21 you search with right? So that was kind of the Lehigh and we have a things nine minutes left if you want to have any questions 35:30 here. Feel free. 35:40 I'm not sure on that. We'd have to check with a lot of chocolate, collaboration the PM's on that. 35:51 Do you know? If you if you ask me I could tell you who the right person is, and we can get you in contact with them. 36:01

anyone else Yeah. 36:16 Correct. So if you go to the app store today in 2 minutes browser for IOS and Android both have the micro VPN installed. So all 36:28 you have to do is go to our Citrix Library. I mean when you have the in tune in all that stuff set up you go when you publish the after their we take 36:38 our micro VPN policies and push it to InTune so that way when InTune comes up it'll it'll see those policies against download it and it turns on the 36:45 VPN for you in the policies are on there. You will never know it's there right? We just were dormant so that that's It's pretty useful 36:52

that when they're testing the Microsoft managed browser does not get policies out of the gate when it launches an office 37:02 app has to launch first to get policies to update that out. 37:12 Play around. 37:16 men's browsers one of those used to work the way you think right you like that thing would come up and then Apple rejected our application. So just be 37:25 aware. That's if it doesn't matter if you're using our stuff for using Microsoft, that's the way it works. Right? So people test that and they think 37:34

it's not working. So that's just the second something one out of you want to mention that we keep hearing is the when you guys are testing and you're 37:42 changing policies on iOS. It's very hard to take into a passel policies. So sometimes get to do a factory reset other device to to reach out to make 37:50 sure those policies are are enforced does it take away is do not change users from device to device Riley, you know, don't test with my ID today and 38:00 use Alex on the same device tomorrow right specifies how to divide us cuz it's just and you don't use your personal phone on Android is a lot easier. 38:09

They say it's an easier way to to reset it and nobody use Android store testing cuz you're changing policies and getting it. All right. It's easier 38:19 for iOS sometimes at the 2 Chainz doesn't get refreshed if using mam only you have issues. So these are just things that we've learned from experience 38:27 and from customers is trying to help you out. Sorry, I couldn't hear that. 38:34 Those are these are just things that we've learned from experience. I don't think there's anything and it's all Microsoft stuff. So it's not really 38:48

are, you know code like for us it's just we put the policy there and it gets download is winter in right? So as long as policies is there where you 38:56 know, it's all into downloading that stuff. So we don't have anything in our docks on it, but I have like recently got to have Googled it and there's 39:04 forms with other people talking about it. 39:12 The integration so the indeed direct integration requires a cloud version because we do the direct calls to Entune and the circus Cloud Library, 39:29

although although you why is in such a cloud is not in the same console, right? So you require the Citrus clouds the endpoint Management Service for 39:39 that. Cool guys. 39:48 Love you. Everything else. Thank you. If you want to come up and ask questions. Thank your time. Thank you. 39:58

Cackle comments for the website

Buy this talk

Access to the talk “Citrix Synergy TV - SYN148 - Enhance the security of your Office 365 apps with Citrix Endpoint...”
Available
In cart
Free
Free
Free
Free
Free
Free

Video

Get access to all videos “Citrix Synergy Atlanta 2019”
Available
In cart
Free
Free
Free
Free
Free
Free
Ticket

Interested in topic “IT”?

You might be interested in videos from this event

September 28 2018
Moscow
16
122
app store, apps, development, google play, mobile, soft

Buy this video

Video

Access to the talk “Citrix Synergy TV - SYN148 - Enhance the security of your Office 365 apps with Citrix Endpoint...”
Available
In cart
Free
Free
Free
Free
Free
Free

Conference Cast

With ConferenceCast.tv, you get access to our library of the world's best conference talks.

Conference Cast
505 conferences
19653 speakers
7164 hours of content