“Bring Your Own Device”: Can That Work Well In Corporate Practice?
Today we’re going to take a closer look at a specific area of Microsoft Endpoint Manager: Microsoft Intune. This allows the use of mobile devices and applications within an organization to be managed in a cloud-based manner.
The term “Bring Your Own Device” (BYOD) is becoming increasingly popular in companies. It stands for the trend to no longer purchase separate hardware for each employee, but to offer everyone the option of being allowed to work with their private devices – so that they can click quickly into the company chat from their tablet on the couch at home or spontaneously from can check their emails in Outlook on their private smartphone. Instead of having to carry two cell phones around with you at all times, someone whose boss works according to the BYOD principle could also use their private smartphone for work purposes.
As expected, there are a number of things to consider: What happens if the cell phone is stolen? Is access to company data secure in this way? Can a clear separation between working hours and free time be guaranteed?
When asked whether access to company data from personal devices is secure, Microsoft Intune offers one answer: Yes, it is. Or more appropriately: Yes, it can be. In the event that the devices or the mobile applications used are registered centrally by the administrator, such a working method can be secure.
What Features Does Intune From Microsoft Offer?
To put it simply: Microsoft Intune helps you to protect company data by offering administration of all devices and apps. Or to put it another way: Intune enables “Mobile Device Management” (MDM) and “Mobile App Management” (MAM) via a secure cloud-based service.
Intune is software with which you can be sure that all compliance guidelines of a company are taken into account. How it works? So, Intune ensures that the company resources, which include data as well as devices and (mobile) apps, are configured centrally and uniformly for all employees in terms of the defined specifications.
Intune can be used, for example, to prevent e-mails from specific employees from being sent to addresses outside the organization or to prevent company data from being accessed from personal devices in a protected manner. With Intune, for example, administrators can determine that users can only access Microsoft 365 via the mobile Office apps if there is an encrypted connection and the user has verified their identity using multi-factor authentication (MFA). In this way, maximum control and maximum security can also be maintained in a bring-your-own-device ecosystem. In addition, Intune enables an administrator to manage end devices via a web browser, for example, to carry out updates or, for example, to carry out virus checks. Access to the connected end devices for maintenance purposes is of course encrypted.
Microsoft Intune Is A Method That Combines Mobile Device And Mobile Application Management:
Mobile Device Management (MDM): Intune is suitable for managing mobile devices. You have the opportunity to decide how the devices are (can be) used within the company (PCs, laptops, smartphones, telephones, etc.).
Mobile application management (MAM): Intune is recommended for managing mobile applications. One has the option to decide how to deal with mobile applications in order to secure corporate data.
The Intune cloud service, which is primarily aimed at companies with 25 to 500 employees, is part of the Microsoft Enterprise Mobility Suite (EMS), the platform for the administration of mobile devices and applications, and is also a component of Microsoft 365.
Intune was designed to integrate with other areas of the EMS platform, such as Azure Active Directory (Azure AD) and Azure Information Protection. By connecting Intune and EMS, you can ensure that emails on the Exchange Server can only be accessed from devices that are enrolled in Intune. In this way, e-mail access protection can be integrated without having to have a gateway computer.
Microsoft Intune: How To Work With The Tool
Microsoft Intune is administered via the admin centre of the Microsoft Endpoint Manager, which can be run via a browser at https://endpoint.microsoft.com. If no Azure Active Directory is used, the Microsoft 365 Admin Center – also available on the web at https://admin.microsoft.com – is mandatory to add users and manage the Intune account. Because Intune is a purely cloud-based service, separate hardware is not required for either mobile device management (MDM) or mobile application management (MAM) – all of this can be set via a web browser and is scalable as required.
Once set up, admins can view any registered devices through the admin centre of the Microsoft Endpoint Manager and have the status quo of all devices that access company resources. In addition, they can configure the devices here so that they comply with the security and integrity standards of the company. In addition, certificates can be securely transmitted to all devices so that they can be securely linked to the WLAN or VPN and updates can be rolled out centrally.
Also Read: 5 Steps To Simplify Cybersecurity