Abstract: Methods, systems, and computer storage media for providing access to computing environments based on a multi-environment policy are provided. The a multi-environment policy is configurable to define rules that have provider-controlled and customer-controlled computing environment parameters for approving access to provider-controlled computing environments and customer-controlled computing environments. In operation, a request associated a computing environment are received. The computing environment is associated with a multi-environment policy. The multi-environment policy is configurable to define the rules based on access vectors having grouped computing environment aspects for control and visibility associated with accessing computing environments. Based on the request, a determination whether the request is for a provider-controlled or a customer-controlled computing environment is made.

Abstract: Methods, systems, and computer storage media for providing access to computing environments based on a multi-environment policy are provided. The a multi-environment policy is configurable to define rules that have provider-controlled and customer-controlled computing environment parameters for approving access to provider-controlled computing environments and customer-controlled computing environments. In operation, a request associated a computing environment are received. The computing environment is associated with a multi-environment policy. The multi-environment policy is configurable to define the rules based on access vectors having grouped computing environment aspects for control and visibility associated with accessing computing environments. Based on the request, a determination whether the request is for a provider-controlled or a customer-controlled computing environment is made.

Abstract: A configuration control transfer (“CCT”) system controls the transferring of control of configuration information of a device from a current configuration source to a target configuration source. A CCT server of the CCT system may send a request for the configuration information of the device where the configuration information of the device currently under control of the at least one first configuration source. The CCT server may also receive the requested configuration information, determine whether the second configuration source is able to support the configuration information of the first configuration source, and based at least on a determination that the second configuration source is able to support the configuration information, request that the device transfer control of the configuration information from the first configuration source to the second configuration source to unenroll the device with the first configuration source and enroll the device with the second configuration source.

Abstract: Methods, systems, and computer storage media for providing access to computing environments based on a multi-environment policy are provided. The a multi-environment policy is configurable to define rules that have provider-controlled and customer-controlled computing environment parameters for approving access to provider-controlled computing environments and customer-controlled computing environments. In operation, a request associated a computing environment are received. The computing environment is associated with a multi-environment policy. The multi-environment policy is configurable to define the rules based on access vectors having grouped computing environment aspects for control and visibility associated with accessing computing environments. Based on the request, a determination whether the request is for a provider-controlled or a customer-controlled computing environment is made.

Abstract: A device boots in a secure manner that allows measurements reflecting which components are loaded during booting to be generated. Measurements of such components, as well as of a device management agent and the security state of the device, are also obtained. The device management agent accesses an attestation service for an enterprise, which is a collection of resources managed by a management service. The device management agent provides the obtained measurements to the attestation service, which evaluates the measurements and based on the evaluation determines whether the device is verified for use in the enterprise. The management service uses this verification to ensure that the device management agent is running in a secure manner, is accurately providing indications of the state of the device to the management service, and is implementing policy received from the management service.

Abstract: A configuration control transfer (“CCT”) system controls the transferring of control of configuration information of a device from a current configuration source to a target configuration source. A CCT server of the CCT system may send a request for the configuration information of the device where the configuration information of the device currently under control of the at least one first configuration source. The CCT server may also receive the requested configuration information, determine whether the second configuration source is able to support the configuration information of the first configuration source, and based at least on a determination that the second configuration source is able to support the configuration information, request that the device transfer control of the configuration information from the first configuration source to the second configuration source to unenroll the device with the first configuration source and enroll the device with the second configuration source.

Abstract: A configuration control transfer (“CCT”) system controls the transferring of control of configuration information of a device from a current configuration source to a target configuration source. A CCT server of the CCT system may send to the device a message requesting the configuration information of the device. In response, a CCT client of the CCT system collects the configuration information of the device and sends the collected configuration information to the CCT server. If the second configuration source can support the configuration information of the current configuration source, the CCT server requests that the device transfer control of the configuration information from the current configuration source to the target configuration source. The CCT client then transfers control of the configuration information to the target configuration source as the new current configuration source and un-enrolls the device from the former current configuration source.

Abstract: Various technologies described herein pertain to managing multiple enrollments of a computing device into configuration sources. Respective enrollment types for the enrollments into the configuration sources can be detected. Moreover, respective control data for the enrollments into the configuration sources can be set based on the enrollment types. Provisioning elements (e.g., policies, preferences, configuration profiles, and resources) that satisfy the respective control data can be permitted to be applied to the computing device by the configuration sources as part of the enrollments. Further, disparate provisioning elements that fail to satisfy the respective control data can be prevented from being applied to the computing device as part of the enrollments.

Abstract: A configuration control transfer (“CCT”) system controls the transferring of control of configuration information of a device from a current configuration source to a target configuration source. A CCT server of the CCT system may send to the device a message requesting the configuration information of the device. In response, a CCT client of the CCT system collects the configuration information of the device and sends the collected configuration information to the CCT server. If the second configuration source can support the configuration information of the current configuration source, the CCT server requests that the device transfer control of the configuration information from the current configuration source to the target configuration source. The CCT client then transfers control of the configuration information to the target configuration source as the new current configuration source and un-enrolls the device from the former current configuration source.

Abstract: A facility for maintaining the state of a managed device is described. The facility receives an indication that the managed device is to be unenrolled from management. In response to receiving the indication, during a first time period, the facility performs a first unenrollment task with respect to the managed device. In response to receiving indication, during a second time period that does not intersect the first time period, performing a second unenrollment task with respect to the managed device that is distinct from the first unenrollment task.

Abstract: Test cases are executed by the software engineering test system. The test cases target software products. Test outputs are generated indicating whether the software engineering test system determined the test cases to have passed or failed. Separately, bug records are stored in a first dataset whose records identify corresponding bugs. Records of the test case executions are stored in a second dataset. Records thereof indicate whether a corresponding test case failed when executed. Such records may have bug identifiers entered by a test engineer and corresponding to bugs identified by the test engineer. The first dataset is parsed to identify records of test runs that have failed, and for each such test run record a bug identifier thereof is identified. Statistics such as failure counts are updated for the bugs found in the test run records.

Abstract: A device boots in a secure manner that allows measurements reflecting which components are loaded during booting to be generated. Measurements of such components, as well as of a device management agent and the security state of the device, are also obtained. The device management agent accesses an attestation service for an enterprise, which is a collection of resources managed by a management service. The device management agent provides the obtained measurements to the attestation service, which evaluates the measurements and based on the evaluation determines whether the device is verified for use in the enterprise. The management service uses this verification to ensure that the device management agent is running in a secure manner, is accurately providing indications of the state of the device to the management service, and is implementing policy received from the management service.

Abstract: A facility for maintaining the state of a managed device is described. The facility receives an indication that the managed device is to be unenrolled from management. In response to receiving the indication, during a first time period, the facility performs a first unenrollment task with respect to the managed device. In response to receiving indication, during a second time period that does not intersect the first time period, performing a second unenrollment task with respect to the managed device that is distinct from the first unenrollment task.

Abstract: Various technologies described herein pertain to managing multiple enrollments of a computing device into configuration sources. Respective enrollment types for the enrollments into the configuration sources can be detected. Moreover, respective control data for the enrollments into the configuration sources can be set based on the enrollment types. Provisioning elements (e.g., policies, preferences, configuration profiles, and resources) that satisfy the respective control data can be permitted to be applied to the computing device by the configuration sources as part of the enrollments. Further, disparate provisioning elements that fail to satisfy the respective control data can be prevented from being applied to the computing device as part of the enrollments.

Abstract: Test cases are executed by the software engineering test system. The test cases target software products. Test outputs are generated indicating whether the software engineering test system determined the test cases to have passed or failed. Separately, bug records are stored in a first dataset whose records identify corresponding bugs. Records of the test case executions are stored in a second dataset. Records thereof indicate whether a corresponding test case failed when executed. Such records may have bug identifiers entered by a test engineer and corresponding to bugs identified by the test engineer. The first dataset is parsed to identify records of test runs that have failed, and for each such test run record a bug identifier thereof is identified. Statistics such as failure counts are updated for the bugs found in the test run records.