Let’s face it, your corporate data has already left the building. Where is it? How are you going to manage it now? More importantly, how are you going to protect your data now? You need a modern solution for a modern workforce, and you need it now. Every day you hear about some other business that has had its data stolen or ransomed. Sony Pictures had movies ransomed; the attorneys for Madonna, Elton John, and Lady Gaga had 750 gigabytes of contracts, financial, and personal data stolen and ransomed; and city after city in the US has lost access to critical operational data because of bad actors preying on vulnerabilities in their environments. Your corporate data is everywhere, and while you may feel like you have a handle on things, the reality is that between people working on mobile devices, shadow IT, emailed files, and access control vulnerabilities, you probably don’t even know all of the places where it is living. If you are concerned about where data compromises could lead, where do you turn for help? Enter Microsoft 365 and Intune mobile device management.
Data Loss Usually Starts at the Endpoint Level, but It Doesn’t Stop There
Microsoft has spent the past few years re-examining modern compute and enterprise mobility and security. They realized that in the past, a business had servers in their data centers, their data castles. These organizations would then build walls and moats of network gear and firewalls around those castles so no one could get in. But technology developed, and laptops entered businesses. Smartphones came next. People wanted to get out of the office to make a pitch or close a deal. Businesses opened small holes for VPNs, and drip by drip, data left the building. The Cloud came and offered new opportunities for data sharing, storage, and access. That’s when the lights turned on for the folks in Microsoft engineering. They recognized the problem, and that people needed to concentrate on protecting and securing their data. Microsoft’s solution is four-pronged: 1) protect and optimize your networks, 2) guard your identities very carefully, 3) lock down your endpoints with zero trust, and 4) engineer information protection.
Intune: a Way to Stop the Bleeding
Intune is what grew from that effort – your enterprise security and mobility suite of services that lock down your organization’s countless endpoints, as well as access to your data. The sheer market success of Intune speaks to its ability to successfully integrate device management, application management, endpoint security, identity management, and configuration restrictions – whereby if all its predetermined conditions are met, the person using the device may access your data. The term Microsoft uses here is Conditional Access. The best part of Conditional Access is that it works fully in the Cloud. No expensive servers to buy, no data centers to lease, no additional telecom expenses, no power, cooling, or patching to do – all of which keep your IT department up at night, worrying. Let’s break the various services down and look at the benefits of each.
Manage Your Devices from Day One
Intune starts with device management by joining your compute devices to Azure Active Directory. Many are familiar with on-premises Active Directory, but here it’s on steroids. Imagine ordering a PC from Dell, or a Surface Laptop from Microsoft, then having it shipped directly to the end user without the device passing through your IT department. UPS delivers the box, the user powers it on and connects to any Wi-Fi or network connected to the internet. When the user enters their business email address, the computer instantly knows the person’s identity, the corporate identity, all the software the person should have, and the security policies that should be applied to the device. Intune delivers and installs the software assigned to the person. The configuration policies lock down USB, set firewall policies, encrypt the hard drive, and assign the user permission to folders and applications – all without your IT department lifting another finger. The user opens their Outlook, logs in, and vroom, all their email suddenly comes rolling in. The user opens OneDrive, logs in, and zoom, all of their documents and desktop files instantly sync from the cloud to the computer. The user opens Edge and all of their favorites and passwords are there in an instant. All the while, the computing device is reporting everything about itself to Intune. Processor, RAM, hard drive, OS version, serial numbers, and IMEI are all uploaded for your inventory control.
Control Over What Software Is – and Isn’t – Installed
In addition to basic configuration and access controls, Intune lets you assign the software library you want to deploy, preconfigured to your specifications. You pick and choose which users or groups are required to have specific software. Then you pick which software you will allow users or groups to have if they really want particular applications. Additionally, you have full control over which software is required to be uninstalled for specific users or groups. No preinstalled Candy Crush or TikTok in your enterprise! You can install the software in Intune from the Apple store, Google Play Store, the Microsoft Store, your own Line-of-Business applications, or from any prepackaged third-party application. Once the software is in the Intune library, Microsoft 365 can automatically install the software (termed push) or the user can go to the Company Intune Portal and install software themselves (termed pull). Your IT staff need not be distracted by these matters.
Security and Policy Configurations
Intune uses Azure Active Directory to identify the user and the device. Once Intune determines that both the user and computer are valid in the Intune environment, Intune will send configuration information to the computer. You may have heard of Group Policies from the old-world on-premises Active Directory. Intune can apply thousands of similar restrictions and policies which control how the computer will act. The Windows firewall can be configured precisely. BitLocker encryption can be set; do you want 128-bit or 256-bit encryption? Similarly, you may have heard of WSUS (Windows Server Update Services), where your IT staff have to approve features, security updates, and patching; Intune takes that burden off of your IT department, as well. Set it up and forget it. Let Microsoft Intune do the work.
Secure Access to Corporate Data
Now the symphony crescendos! Intune determined your device. Intune determined your identity. Intune determined what software you need and installed it without you. Intune set up your configurations and update policies. The pieces are all tied together. Finally, all your protections are in place, and it is here that Intune will allow the user to access your corporate data. You laid down all the conditions that must be met before the data may be accessed. Intune is constantly watching, too. If your antivirus isn’t working – no data access. No hard drive encryption – no data access. The best part is that neither you nor your IT department is involved in any of these processes. You now have time to do what you do best: invest your time and energy into your business.
Check out our Microsoft 365 White Paper, from TRUE's VP Operations, Heath Gieson.