Google and more recently Apple, have both released native operating system level options to secure data on an employee’s personal device s through a containerised partition on the device that keeps enterprise apps and data separated from personal apps and data. It is possible to integrate MTM with Conditional Access to ensure only access to Office 365 data is only allowed on devices that have a Mobile Threat Defence app installed. MTM can detect compromised apps and networks on any device with the MTM app installed, allowing for greater visibility and control. Mobile Threat Management add-on for Intune APPĪn additional recommendation for Intune APP – MAM enrolled devices would be to leverage a Mobile Threat Management Solution (MTM) to inspect for threats before allowing access to the apps. , encryption, patching level, authentication – including MFA).īoth Intune and Azure logging can identify what apps are being leveraged using Intune APP. ![]() Intune APP, in combination with Azure Conditional Access policies, can be used to block access to Office 365 data if compliance requirements are not met (e.g. For example - the user will not be able to open/authenticate to Outlook on a jailbroken or rooted device. Integration with Google’s SafetyNet Attestation to validate the integrity of the device which checks for rooted devices, emulators, virtual devices, and devices with signs of tampering fail basic integrity.Ī policy that blocks the use of Microsoft apps on a jailbroken or rooted device. Many policies to reduce risk to company data stored in the Microsoft apps on a personal device including blocking data transfer from the Office 365 apps to personal apps, blocking back up to cloud storage, blocking screenshots and blocking 3rd party keyboards.Ī mechanism to only allow access to enterprise data on a personal device if the device is running an approved operating system version. Several policies to protected enterprise data on a personal device including requiring a PIN to access the Office 365 apps (Outlook Email), encryption, and DLP. Access to these apps is only accessible via an Azure Active Directory (AAD) account so decommissioning an employee’s AAD or AD account would also block access. This data can be expired / access revoked remotely as required (lost, stolen, compromised device, employee offboarding). Intune APP provides a secure, encrypted sandbox for enterprise data on a personal device. You can read more about these options via this link. It is also possible to add your in-house and third-party developed apps to this eco-system if you write the Intune app SDK into your apps or wrap them with the Intune app wrapping tool. These are Microsoft’s productivity suite of apps including all the apps you need for your general business activities including email, browsing and document editing. The apps that can be secured with Intune App Protection policies include many apps. ![]() Intune APP provides a secure, containerised solution that enforces encryption, device pin and checks device health before allowing access to Office 365.Īs soon as someone downloads one of the enabled apps and authenticates with their work account (Azure Active Directory account) the Intune APP policies will be applied, regardless of whether their device is MDM managed or not. This is a great solution if you need to secure data in the Microsoft Apps for Enterprise suite including Outlook, Teams, Office and Edge. Microsoft has developed their own MAM solution called Intune App Protection or Intune APP. It’s great for personal devices and BYO programs. Microsoft Intune and Mobile Application Management (MAM) This article provides an overview of the best solutions to secure enterprise data on personal devices – allowing you to enable BYOD for your employees, maintain user privacy and keep out the bad guys. The problem is that while the cloud makes it easier for your employees to access your systems remotely, it also makes it easier for hackers to do the same. One of the main benefits of migrating your systems to the cloud is that it’s easier for your employees to access resources from any device and any location – all they need is an internet connection.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |