Abstract: Examples of cloud-based removable drive encryption policy enforcement and recovery key management are described. In some examples, a removable drive encryption policy is received from a cloud-based management service. A removable drive is recognized by an operating system of a client device. An encryption command causes the operating system to request user password creation and encrypt the removable drive. A recovery key is identified from a write-output of the operating system. The recovery key is transmitted to the cloud-based management service for storage in a cloud-based removable drive recovery key escrow.

Abstract: Disclosed are various examples for single-sign on by way of managed mobile devices. For example, an identity provider service can receive a request for an identity assertion from an email client executed in a client device. The identity provider service can then detect a platform associated with the client device. The device and the user's identity can be authenticated so that an IT administrator can specify that only authorized devices can access email using the email client.

Abstract: Examples of cloud-based removable drive encryption policy enforcement and recovery key management are described. In some examples, a removable drive encryption policy is received from a cloud-based management service. A removable drive is recognized by an operating system of a client device. An encryption command causes the operating system to request user password creation and encrypt the removable drive. A recovery key is identified from a write-output of the operating system. The recovery key is transmitted to the cloud-based management service for storage in a cloud-based removable drive recovery key escrow.

Abstract: Disclosed are various examples for single-sign on by way of managed mobile devices. For example, an identity provider service can receive a request for an identity assertion from an email client executed in a client device. The identity provider service can then detect a platform associated with the client device. The device and the user's identity can be authenticated so that an IT administrator can specify that only authorized devices can access email using the email client.

Abstract: Disclosed are various examples for single-sign on by way of managed mobile devices. For example, an identity provider service can receive a request for an identity assertion from an email client executed in a client device. The identity provider service can then detect a platform associated with the client device. The device and the user's identity can be authenticated so that an IT administrator can specify that only authorized devices can access email using the email client.

Abstract: Disclosed are various examples for single-sign on by way of managed mobile devices. For example, an identity provider service can receive a request for an identity assertion from an email client executed in a client device. The identity provider service can then detect a platform associated with the client device. The device and the user's identity can be authenticated so that an IT administrator can specify that only authorized devices can access email using the email client.