Securing Mobile Employees with Microsoft InTune

As more companies adopt a bring-your-own-device (BYOD) working environment, awareness surrounding end-user security has continued to increase. How do employers ensure their data and network, accessed from multiple endpoints, remain secure? And what is the best means of protecting employees from malicious vectors such as spam and malware? Microsoft Enterprise Mobility + Security (EMS) was specifically designed to alleviate this concern. EMS is a management system that monitors and secures mobile devices while providing a single sign-on for mobile, SaaS, and on-premises apps such as Exchange and SharePoint. From compliance solutions to granular access levels, Intune ensures that your employees are working safely, wherever the job takes them.

Here's How Microsoft InTune Can Help You Secure Your Business Data:

What Is Microsoft InTune

As a sub-section of Microsoft Enterprise Mobility + Security, InTune is responsible for mobile device management, application management, and endpoint management. Essentially, InTune was created to secure company data by actively managing how said data is accessed and shared. The cloud service achieves this by:

  • Restricting what users can do, in-app, with corporate information (such as copying/pasting, saving, and viewing). If a user wants to save information, it can only be done between secured locations. 

  • Removing company data from mobile apps in a process called "selective" or "corporate" wipe. This removal does not impact personal information stored on the device.

  • Keeping personal information separate from corporate IT awareness.

InTune allows employer data to be managed at the application layer, eliminating the need to secure entire devices. Reflecting the diversity of employee platforms, InTune is not exclusive to one operating system, and works for iOS, Android, Windows, and macOS devices.


Setting Standards

InTune’s mobile management system reinforces a culture of compliance in the following ways:

  1. Devices Must Enroll in InTune for Management

    • This allows company IT to measure device compliance, app inventory, and usage.

  2. Establish App Protection Policies

    • These policies outline how and to what degree user devices will be managed. This transparency fosters a more cyber-aware working environment and employee buy-in. The policies can include device configuration and industry-specific compliance policies.

  3. Reliable Security Updates

    • Through mobile application management, apps are regularly configured and updated with the latest security and productivity features. Regularly checking in on the latest security baselines will help you achieve optimal security.

  4. Data Loss Prevention

    • InTune actively prevents accidental or intentional data corruption by requiring encryption for managed app storage.

Beyond the in-app experience, InTune also allows for granular policies that outline conditional access. This role-based administrative control segments employees based on their position and assignments. Access can be determined or adjusted according to device compliance, location, risk, and app sensitivity. End-user security can be further strengthened by implementing multi-factor authentication (MFA).

[Diagram: Microsoft Azure Portal Workloads. Image courtesy of Microsoft.]

Integrating with Azure

InTune is accessible via the Azure portal (pictured below). This provides an integrated dashboard for all EMS components, and allows employers to find users, locate personal devices, set groups, create compliance and configuration policies, and manage on-premises and conditional access. These access settings leverage Azure Active Directory (AD) for integrated ease of use. Microsoft wanted to improve security for Azure AD, so they integrated behavioral-based tools such as multi-factor authentication. Before this update, if a user completed the MFA process during their device registration, the authentication lasted long after use. Now, employees will be prompted to redo MFA for any apps that require this policy.

Securing Your Employees

In the mobile age, you can't afford the consequences of unsecured devices. The ideal defense-in-depth strategy is a multi-layered one. For Microsoft Enterprise Mobility + Security, InTune is an essential layer on this road to a secured, compliant workforce. Remember, InTune and EMS:

  • Enforce policies to improve data security.
  • Use behavior-based analytics for proactive cybersecurity intelligence.
  • Protect information from unauthorized access, both internal and external.
  • Enhance the security of your cloud-based and on-premises environments.

Why wait? Learn more about iCorps' Managed EMS Services today. 
