As part of their digital transformation strategy, companies are looking for the best way to offer their employees mobility in flexible and productive work environments, whether on desktops or mobile devices (in the office or outside it), although this poses a greater security challenge for IT departments.
As a consequence, companies need to manage the large number of devices that access corporate data while maintaining control and protection at all times, which is not a simple task. To address this challenge, there is Microsoft Intune, a cloud-based mobile device management (MDM) and mobile application management (MAM) solution that significantly increases employee productivity while offering the organization security and protection for its data.
In addition, Intune centralizes the administration and security of PCs, laptops and mobile devices in a single administrative console and provides hardware and software configuration reports, allowing you to:
- Manage mobile devices that employees use to access company data.
- Manage mobile applications that employees use to access company data.
- Manage the Windows devices of the company.
- Verify that all devices and applications comply with the security and compliance policies of the organization.
Mobile device management (MDM)
With Intune you can register corporate and personal devices of your employees to establish configurations, enforce regulations and protect your corporate data. Next, we detail some of its main functionalities:
- Authorized devices: You can manage all types of devices (iOS, Android and PCs) as well as enforce security policies to access corporate information.
- Selective deletion of data: With this function, if a device is lost or stolen, or if the employee is no longer part of the organization, administrators can delete the corporate data stored on the device, and can optionally do so without deleting the user's personal data.
- Automated deployment of applications: New applications and their updates can be installed automatically on the devices that Intune manages.
- Self-service model for IT: Employees have the possibility to register their own devices and install corporate applications on iOS and Android devices, eliminating the burden for your IT department.
- Supervision of mobile devices: You can create alerts that notify you when an incident occurs on the devices controlled by Intune.
- Inventory and generation of hardware and software reports: Inventory reports to control devices with access to corporate services and the use of licenses.
- Measure compliance: Intune automatically and continuously checks whether corporate devices are compliant and secure in accordance with the company's security policies.
Mobile application management (MAM)
In order to keep your company's confidential information safe, Intune protects and controls how corporate data is used and shared. In addition, if you have conditional access, you can require that users' mobile devices use only Microsoft applications to access corporate data in Office 365, and you can also apply the desired security policies.
These are some of its main functionalities:
- Control of corporate data: Thanks to the isolation of corporate data and personal data within the same application (for example, in Outlook, OneNote, OneDrive, Teams, Edge), the IT department controls the company's data while users maintain the privacy of their personal data.
- Protection of information: Thanks to this isolation and through certain policies, corporate data is encrypted and access to each Microsoft app installed on the device is protected through biometrics or a PIN (Face ID, fingerprint or PIN). It can also prevent the user from saving or copying corporate data from those applications to personal accounts or applications. Additionally, it is possible to configure which vulnerable devices (for example, jailbroken or rooted devices) are denied access.
- Reports: Create reports on the inventory of mobile applications and track their use.
- Devices not registered (BYOD): MAM also offers you the possibility to control and protect your data on devices that are not registered (typically personal devices), since the protection is applied at the application level. For example, if a personal device is lost, the organization can remotely delete the corporate data on it.
Management and administration of PCs
With Intune's PC management you can manage Windows 10 devices in the same way you do with the company's mobile devices. These are some of the main functionalities:
- Updated equipment: With Intune you can make sure that the equipment is always up-to-date.
- Advanced settings for both security and device management: Among them, device protection (Windows encryption, Credential Guard, protection against vulnerabilities…), identity protection (Windows Hello for Business), and device restrictions (limit the Microsoft Store, limit the Control Panel and configuration options, manage Cortana and Microsoft Edge…).
- Deployment of Microsoft and third-party applications from the centralized Intune console.
- Control and protection of corporate data: Similar to the protection offered by Intune for mobile devices (MAM), it is possible to prevent users from transferring data from desktop applications that use their work account to applications that use personal accounts, helping to prevent information leaks by applying Windows Information Protection (WIP) policies. In addition, it allows you to control the applications that have access to your company's data (not only Microsoft applications), applying restrictions on unauthorized ones.
- Continuous evaluation of the device to confirm that it meets the security standards defined by the organization or the security baselines (groups of configuration options recommended by Microsoft that gather the knowledge of security experts from Microsoft, partners and customers).
Differential value: Intune in Enterprise Mobility + Security (EMS)
Intune is part of EMS and integrates perfectly with other components of the suite such as Azure Active Directory (Azure AD) for identity and access control and Azure Information Protection (AIP) for the protection of corporate data. Also, when used in conjunction with Office 365, it allows employees to be productive on all their devices without compromising the organization’s information. All of this gives Intune a differential value compared to third-party mobility management solutions.
By using Intune with the other EMS services, you provide the organization with additional security because an EMS-managed application has access to a wider set of identity, device, application and data protection features, including:
- Single sign-on with third-party applications (Twitter, Facebook, Salesforce…)
- Multi-factor authentication.
- Conditional access to applications.
- Simplified registration of new devices with Windows Autopilot.
- Compatibility with Rights Management.
One of the features we want to highlight is conditional access, which combines the power of Intune and Azure AD Premium. With conditional access, you can define policies that limit access to your corporate data based on location, device, user status, and application sensitivity. In addition, risk detection capabilities can detect suspicious behavior and apply restrictions automatically.
How to acquire Microsoft Intune?
Microsoft Intune can be purchased as an independent product or in one of the following sets of licenses:
Do you want to know more about Intune? Contact us!