Dynamic Access Control is a new feature in Windows Server 2012 (aka Windows 8).
It gives you:
- centralized policies
- rules to define attributes on user object, device object and resource object
user.departement == "HR" and device.managed=true and file.department=="HR" -> allow access
So if a user logs from manged machine in the office her/she can access that data, if he/she trys to access the data from their home computer he/she will get an access denied error.
Btw: the Acess Denied error dialog got some improvements as well, so the user can now request access from the dialogue. Let's see if the FIM product group is implementing this into the group membership management as well.
Dynamic Access Control is a integrated feature with Windows Server 2012.