Modern businesses seek to give employees a flexible work environment, with the ability to work on desktops or mobile devices, in the office or out in the field. IT managers and service providers have had to find new ways to manage and secure equipment that is no longer restricted to use in a single location in the office.
Recognising this problem as far back as 2011, Microsoft launched the Intune cloud service (now known as Endpoint Manager) to address the Enterprise Mobility Management (EMM) needs of the workplace. With more than 200 million devices now being managed, this platform collects data on more endpoints than most enterprise solutions available today.
Intune now allows Managed Service Providers (such as Calibre One) to provide customers with management tools to provision, deploy, manage and secure endpoints such as desktops, mobile devices and applications across an entire enterprise. Intune integrates with both Office 365 and Azure AD to give superior integration, control and deduplication of infrastructure to manage devices.
Intune is designed to simplify the management of a variety of devices in a way that protects corporate data while still allowing employees to do their jobs on either corporate or personal devices. It combines mobile device management capabilities with mobile application management and, while tied to Windows 10 and other products in the Microsoft suite, it can also manage hardware running other operating systems.
Through Intune, you can manage devices using an approach that’s right for you. For organization-owned devices, you may want full control, including settings, features, and security. In this scenario, devices and users of these devices “enrol” in Intune. Once enrolled, they receive ‘rules’ and settings through policies configured within Intune. For example, you can set requirements for passwords and PINs, create a VPN connection, set up threat protection and more.
For personal devices or bring-your-own devices (BYOD), users may not want their organization administrators to have full control. In this approach, it’s important to be able to give users options. For example, users may choose to enrol their devices if they want full access to your organization resources. Or, if these users only want access to email or Microsoft Teams, they may use app protection policies that require multi-factor authentication (MFA) to use these apps.
When devices are enrolled and managed in Intune, administrators can:
- See the devices enrolled and get an inventory of devices accessing organization resources.
- Configure devices so they meet your security and health standards. For example, block jailbroken devices.
- Push certificates to devices so users can easily access your Wi-Fi network, or use a VPN to connect to your network.
- See reports to confirm user and device compliance.
- Remove organization data if a device is lost, stolen or not used anymore.
Mobile application management (MAM) is integrated within Intune and is designed to protect organization data at the application level, including custom apps and store apps. App management can be used on organization-owned devices and personal devices.
When apps are managed in Intune, administrators can:
- Add and assign mobile apps to user groups and devices, including users in specific groups, devices in specific groups, and more.
- Configure apps to start or run with specific settings enabled and update existing apps already on the device.
- See reports on which apps are used and track their usage.
- Do a selective wipe removing only organization data from apps.
One way that Intune provides mobile app security is through app protection policies.
App protection policies:
- Use Azure AD identity to isolate organization data from personal data, so personal information is isolated from organizational IT awareness. Data accessed using organization credentials is given additional security protection.
- Help secure access on personal devices by restricting actions users can take, such as copy-and-paste, save and view.
- Can be created and deployed on devices that are enrolled in Intune, enrolled in another MDM service, or not enrolled in any MDM service. On enrolled devices, app protection policies can add an extra layer of protection.
For example, a user signs into a device with their organization credentials. Their organizational identity allows access to data that’s denied to their personal identity. As that organization data is used, app protection policies control how the data is saved and shared. When users sign in with their personal identity, those same protections aren’t applied. In this way, the control of organization data is maintained while users retain privacy and control of their personal data.
Additionally, Intune can be used with other services such as EMS. This feature provides an organization with mobile app security beyond what’s included within the operating system and applications. Apps managed with EMS have access to a broader set of mobile app and data protection features.
Licensing costs for Intune
Microsoft Intune is available as a stand-alone product, as part of the Enterprise Mobility Suite or within Microsoft 365 Bundles.
Licensing can be purchased directly via Calibre One or billed monthly on your Telstra bill.
When deploying Intune, there are several factors that change how you might go about a project, so engaging the correct organisation to assist is important to a smooth rollout. Calibre One will work through the deployment using the following broad steps:
The Calibre One team will also work with you through a customised scope detailing the plan of migration and support options for Intune, Office 365 or your entire IT environment. As a Telstra Enterprise partner, the Calibre One team can seek approval to use Telstra Technology Funds to cover the cost of deployment if your Office 365 Intune services are billed via the Telstra bill.
Interested in Device Security Management (Microsoft Intune)? Get In Touch Today!
Ph: 1300 4 CALIBRE (1300 422 542)