Abstract: Techniques are described herein that are capable of evaluating a result of enforcement of access control policies instead of enforcing the access control policies. For instance, a result of enforcement of an access control policy with regard to sign-in processes is evaluated instead of enforcing the access control policy with regard to the sign-in processes. The evaluation includes monitoring access requests that are received during the sign-in processes. Each access request requests access to a resource. The evaluation further includes comparing attributes of each access request against the access control policy that specifies criteria that are to be satisfied as a prerequisite to granting access to the resource to which access is requested by the respective access request. Metadata associated with the sign-in processes is generated instead of enforcing the access control policy with regard to the sign-in processes.

Abstract: Technologies are provided for prevention of organizational data leakage across platforms based on device status. A device management service may include status information for a client device and/or a connection in a token provided to the client device and update the status in response to changes. An applicable data protection policy may be determined based on the detected status and optionally based on data being accessed. An instruction may be transmitted to a client application executed on the client device based on the applicable data protection policy thereby enforcing the data protection policy at the server. The instruction may cause a script executed at the client application to disable one or more user interface controls associated with functionality such as downloading, synchronizing, printing, etc. of the organizational data to prevent leakage of organizational data.

Abstract: Usage-limited passcodes support authentication when onboarding new employees, when recovering access after an enrolled device is lost or temporarily unavailable, or when registering passwordless authentication methods for new devices during an out of the box setup, among other scenarios. Usage-limited passcodes are also referred to as “temporary access passes” or TAPs. TAP usage may be limited to a specific number of uses, particular kinds of uses, certain time periods, or a combination thereof. A TAP includes a code string and an implementation of corresponding tokens, rights, and other identity aspects within an enhanced access control infrastructure. TAP usage may supplement or replace other authentication, and in particular may replace authentication through a username and password combination, thereby enhancing both usability and security. Self-service identity confirmation may be used to obtain a TAP. Redirection to a federated domain identity provider may be avoided during TAP authentication.

Abstract: Techniques are described herein that are capable of evaluating a result of enforcement of access control policies instead of enforcing the access control policies. For instance, a result of enforcement of an access control policy with regard to sign-in processes is evaluated instead of enforcing the access control policy with regard to the sign-in processes. The evaluation includes monitoring access requests that are received during the sign-in processes. Each access request requests access to a resource. The evaluation further includes comparing attributes of each access request against the access control policy that specifies criteria that are to be satisfied as a prerequisite to granting access to the resource to which access is requested by the respective access request. Metadata associated with the sign-in processes is generated instead of enforcing the access control policy with regard to the sign-in processes.

Abstract: A computing system providing access to electronic files is provided. The computing system includes a processor and a data store coupled to the processor and configured to store the electronic files. A user interface component is coupled to the processor and is configured to generate a user interface that allows a first user to select an electronic file to be re-shared with second user. The processor is configured to detect re-sharing of the selected electronic file by the first user and automatically generate a notification to a third user. The notification is configured to allow the third user to cancel the re-sharing of the electronic file.

Abstract: Technologies are provided for prevention of organizational data leakage across platforms based on device status. A device management service may include status information for a client device and/or a connection in a token provided to the client device and update the status in response to changes. An applicable data protection policy may be determined based on the detected status and optionally based on data being accessed. An instruction may be transmitted to a client application executed on the client device based on the applicable data protection policy thereby enforcing the data protection policy at the server. The instruction may cause a script executed at the client application to disable one or more user interface controls associated with functionality such as downloading, synchronizing, printing, etc. of the organizational data to prevent leakage of organizational data.

Abstract: A computing system providing access to electronic files is provided. The computing system includes a processor and a data store coupled to the processor and configured to store the electronic files. A user interface component is coupled to the processor and is configured to generate a user interface that allows a first user to select an electronic file to be re-shared with second user. The processor is configured to detect re-sharing of the selected electronic file by the first user and automatically generate a notification to a third user. The notification is configured to allow the third user to cancel the re-sharing of the electronic file.

Abstract: An interactive display system with a contact geometry interface is disclosed. The interactive display system may include a multi-touch display, a touch detection system configured to detect a touch input on the multi-touch display and to generate contact geometry for a contact region of the touch input, and an application programming interface executed on a processor of the interactive display system. The application programming interface may be configured to receive the contact geometry and to send the contact geometry to a requesting application program for application-level processing. Further, the application programming interface may be configured to receive from the application program a display command based on the application level-processing. The application programming interface may be configured to send the display command to the multi-touch display to adjust a display of a graphical element on the multi-touch display.

Abstract: An interactive display system with a contact geometry interface is disclosed. The interactive display system may include a multi-touch display, a touch detection system configured to detect a touch input on the multi-touch display and to generate contact geometry for a contact region of the touch input, and an application programming interface executed on a processor of the interactive display system. The application programming interface may be configured to receive the contact geometry and to send the contact geometry to a requesting application program for application-level processing. Further, the application programming interface may be configured to receive from the application program a display command based on the application level-processing. The application programming interface may be configured to send the display command to the multi-touch display to adjust a display of a graphical element on the multi-touch display.