Abstract: In a cloud computing environment, a cross-tenant access security measure includes monitoring conditional access policies for changes or additions that hamper or threaten to hamper an authorized access from an assistant tenant user to a focus tenant. In some cases, cross-tenant access security includes tracking a role assignment list to detect rogue roles, or to detect hampering role changes such as role deletions, or both. In some cases, focus tenant events and assistant tenant events are correlated in an audit. In some cases, the authorized access is a zero standing time bound access. In some cases, the authorized access is constrained to an IP address range, or constrained to login from a managed device, or both. In short, security measures are described that mitigate accidental or surreptitious role or policy changes that would shut down or hinder authorized cross-tenant access.

Abstract: Techniques for integrating the access to a virtual desktop with a local device's operating system (OS) are disclosed. Providing this integration enables a streamlined, highly convenient process for accessing the virtual desktop via the local device, thereby providing a “login-to-cloud” mode. The system displays a login screen, which is native to the system's OS. User credentials for the virtual desktop are received at the login screen. These credentials are used to identify the user and user's corresponding virtual desktop. A stream of an image of the virtual desktop is then received and displayed. Therefore, despite the virtual desktop residing in the cloud environment, the virtual desktop can still be directly accessed via the native login screen of the local device.

Abstract: A platform is configured to perform information technology management as a service. An instance of a servicing application is generated in a computing environment for a client entity identifier, such as a tenancy in a cloud platform of a host provider. The servicing application is created, and instantiated, with no pre-authorized permissions within the computing system, or with fewer pre-authorized permissions than another application in the computing system. A certificate of the servicing application is retrieved from a first data structure in a secure storage device of the computing system, an application authentication token is received from an identity service associated with the computing system based on the certificate, and IT management operations are performed in the computing environment by the servicing application instance based on the application authentication token providing authorization for the instance of the servicing application.