01 Apr TAKE CONTROL OF ALL YOUR BUSINESS DEVICES
The modern workplace features an increasing number of devices, all of which empower employees to work flexibly in the office, on the move and at home. While this allows teams to work more freely, it poses a challenge to IT departments who are tasked with managing these devices. It requires a comprehensive device management system to ensure that all devices are secure and compliant.
That’s where Microsoft Intune comes in!
Microsoft Intune is a device and operating system management tool offered via the cloud. The security tool you’ve been looking for, it allows for complete or partial control of your business’ as well as aspects of your employees’ own devices to ensure that your corporate data is never compromised.
It’s in the Cloud, and like other Microsoft cloud-based platforms it is available on a subscription and requires no physical infrastructure as you’d expect to form a cloud-based solution. It is also included in all Microsoft 365 bundles. It also requires the use of Azure Active Directory as it integrates with this service to control identity and access.
So how does it work and what exactly will it let me do?
Device Management
With Intune, you can choose to have extensive or limited control of the devices that your employees use. The degree of control is likely to depend on whether the device is owned/provided by your business or if it is the employee’s own device.
If you want full control over a device it can be ‘enrolled’ on Intune. Thereafter, the device will be under the governance of you or the ‘administrators’ and the device will have settings and policies applied as directed by your organisation using Intune.
When it comes to personal devices, open a dialogue with your employees about what resources they require access to. If they only need to use a couple of apps on a device then perhaps multi-factor authentication would be the only security step needed. If they require full access to your organisation’s resources then it may be worth asking if they would enrol the device.
When devices are enrolled administrators can:
- See a list of devices that have access to the organisation’s resources.
- Apply security settings that meet company standards.
- Monitor for compliant/non-compliant user behaviour.
- Wipe company data if a device is compromised e.g. lost or stolen.
- Push access certificates to devices to help users access wifi networks or VPNs for example.
Application management
In addition to managing entire devices, Intune can also be used to wield control at the application level. App management can be used on company and personal devices and works with custom-built and off-the-shelf applications.
Administrators are able to do the following when apps are managed through Intune:
- Send and assign applications to users, devices, groups of users, groups of devices etc.
- Track usage of applications.
- Remove company data from applications when required (company data can be selectively removed leaving data that may be personal to the user).
- Remotely initiate app updates and specify app startup settings.
Intune allows the enforcement of ‘app protection’ policies which ensure that your company’s sensitive data is not allowed to leak out. This can be particularly important when a device is used for both personal and business purposes as there is the potential for sensitive data to find its way among personal files.
Because these policies are enforced at app-level there is no requirement for full device management, or for a device to be ‘enrolled.’ Some of the benefits of using ‘app protection policies’ are listed below:
- Applications are unaffected when user’s login for personal use. Restrictions only apply in the context of business. Your employees are free to use personal accounts without restriction.
- The removal of data from apps and the sharing of data between apps can be tightly controlled. You can also add extra layers of security such as Pin numbers when an app is used in a business context.
- You can tailor policies depending on how secure a device is. For example, you might want stricter app management policies on devices you don’t control, and less restrictive policies when you have much greater control over a device.
Microsoft Intune really is an invaluable tool in your data-security arsenal and has a heavy presence in many sectors including retail, manufacturing, government, education and many more.
We’re Beeso IT, how can we help?
If Pluralsight sounds like an ideal solution for your organisation and you are confused as to how to get started… this is exactly where Beeso IT steps in. Our expert team of engineers, consultants, solution architects and project managers work right alongside our client’s internal IT teams – bringing their years of technical experience & competencies to your business on a need by need basis.
Wherever you require support, for whatever technology requirement. The Beeso IT team are on-hand locally as your global technology partner. If you are unsure of how secure your endpoints are, please contact the team today.