How many people do you know who actually keep track of two separate phones, so they don’t have to mix personal and business uses on the same device? I’m betting that number is a lot lower than it was 7-8 years ago. It just isn’t feasible to carry, protect, maintain, and answer multiple phones. Further, what organization wants to enforce a policy prohibiting its employees from using their mobile devices for personal phone calls, emails, and web research? The reality most of us live with is that our end users need to use company software on personal devices, but you still need to manage, protect, and inventory all of that software and data.
If your teams use Microsoft products to accomplish basic business tasks, and you would like to free them up to work from anywhere without compromising your management and security policies, you’ll want to take a look at Intune. Intune is Microsoft’s current solution for Mobile Device Management (MDM) and Mobile Application Management (MAM). Part of the Microsoft Enterprise Mobility Security Suite (EMS), it integrates with Azure Active Directory, providing controls that define who has access and what they can do with that access.
Intune - Mobile Device Management and Mobile Application Management
Intune allows authorized users to enroll their devices, which in turn allows you to manage, protect, deploy software, inventory and report on those devices, and should the need arise, wipe the device of all data. As an ethical manager, you may be wondering if that introduces privacy concerns for users, since most mobile devices are mixed use now. To address this very issue, Intune is built with an architectural “separation of church and state”, so to speak – always keeping personal data, such as photos, texts and web history, private and separate from company data.
The premise of Microsoft Intune is to provide a secure, managed platform that grants access to corporate resources from users’ devices, while maintaining the necessary infrastructure to prevent accidental breaches and data loss.
How hard is it to implement Intune?
Device enrollment is straightforward and requires that you download the application to your device and install it. It will take you through a wizard, informing you what you are agreeing to and letting you know that your device must meet the defined minimums. Normally, the baseline requires that the device be at a certain version of an OS, not be rooted or jailbroken, and have a password enabled – pretty basic. Additionally, you will need to allow your device to trust the Intune provider so it can be managed. When this is completed, the Intune server will collect the data it requires from your device – model, OS, and owner – so it can be identified, then it will let you into the portal.
Once successfully enrolled, you will have access to the applications Microsoft supplies.
Currently, the public applications that support the Core Intune App Protection policy settings are the Microsoft M365 Office Suite applications, Microsoft 365 Admin, and many of Microsoft’s other web apps that they offer as SaaS, Dynamics 365 and Microsoft Skype for Business being two examples. Other software manufacturers also support the Core Intune App Protection policy, such as Adobe Acrobat Reader, Acronis and Zoom, to name a few.
Am I limited to managing only Microsoft applications?
The list of supported applications continues to grow, and with available SDKs, you have the ability to create your own specific applications to roll out to users. Especially in fields like healthcare and finance, where organizations like to build their own internal applications, this could be an invaluable asset in your security toolkit.
Managing your corporate data in the modern work environment is no easy task, especially as systems become more and more spread out. Asking your employees to quit using their own devices, though, isn’t a realistic solution. Nor is letting them use personal devices without protecting your corporate data assets. It just makes sense to add a layer of security and device management that is built to accommodate their lifestyles. After all, your users work hard every day to keep the business up and running. The easier you make it for them to perform their work from wherever they are, whenever – without the worry of security compromise, the better. And the fewer management and security headaches you have to deal with, the more time you’ll have to do everything else that’s on your plate.