Data security is a hot topic these days. The recent news of the global flaw that put 3,000 Microsoft email servers at risk will surely have impressed upon everyone the importance of data protection.
Unfortunately, data leaks can spring from many different endpoints in your organisation. Links sent through email can compromise your data’s security by taking you to unsecured websites, and an attachment containing malicious code could be opened on a device. Then one needs to consider people’s behaviour: if the people in your organisation do not manage data sharing correctly, you can quickly lose track of where everything is stored.
So, how can you protect your data? Well, firstly it is important to think of where your data resides, which unfortunately could be all over the place depending on your enterprise’s device policies. Here are some of the key tools used to secure user data; you will probably come across these solutions in the form of different products.
Mobile Device Management
MDM is the administration of mobile devices, including phones, tablets, and laptops. It requires your device to be enrolled; in other words, the owner of the device must give permission for the device to communicate with and be partially controlled by the MDM server – this will be achieved by installing an app or program. Intune mobile device management is available with certain licenses. Mobile Device Management converts a mobile device into a dedicated work device and is not suitable for ‘bring your own’ devices.
Mobile Application Management
A bring your own device (BYOD) policy is very common in business. Mobile Application Management (MAM) systems differ from Mobile Device Management because they do not control individual devices but work at the application level to secure data coming in and out of the application. If you use Cloud applications, then Cloud-based Application Management is recommended.
Enterprise Mobility Management
Enterprise mobility management does not actually refer to specific types of software or services, but to all the different features used by an enterprise to secure data and technology used by workers. This may include both Mobile Device and Mobile Application management, and the work of IT specialists.
Unified Endpoint Management
UEM is the evolution of both mobile device management and enterprise mobility management. It does everything that MDM, MAM, and EMM tools achieve, but it also extends to almost all endpoints used in a business (hence the name): desktops, printers, wearables like smartwatches, and Internet of Things (IoT) devices can all be managed by a Unified Endpoint Management tool.
Microsoft Intune, also known as Microsoft Endpoint Manager (and formerly as Windows Intune), is a Unified Endpoint Management tool. Intune is a key component of the Microsoft Enterprise Mobility + Security (EMS) Suite. Intune provides a single admin portal, so admins can set policies on all endpoints from a single location in the Cloud.
So, what are some of the ways Intune protects company devices? Firstly, Intune protects both company-owned and employee-owned devices. If it is a company-owned device, there will be even more control over it; for example, if the device is stolen, the organisation could perform a full wipe of the device remotely. A ‘bring your own’ device can be partitioned, meaning that corporate data and personal data are segregated. Moreover, with Intune you will have access to a self-service portal containing company-approved apps, allowing you to download the apps that you need.
Conditional Access is also commonly applied to company devices that connect to company resources. Users are granted access to the resources they need to do their work, provided their device and account meet the criteria set for accessing that data, whilst avoiding giving them unnecessary access to other resources. This stops data getting spread thinly across multiple devices and services, minimising opportunities for that data to leave the organisation. If a device or account no longer meets the conditional access requirements, it will be locked out of company resources.
Microsoft Defender and Microsoft Intune can be integrated as a Mobile Threat Defence solution – this is known as Microsoft Defender for Endpoint. The solution is available for Windows 10, Android devices, and iOS and iPadOS. With this solution, Microsoft Defender for Endpoint can monitor company devices and if there is a security breach on any of them, it can classify that device as high-risk, and block that device off from company resources.
Microsoft Intune follows the same technical and organisational measures that Microsoft Azure takes for securing against data breaches. When a Security Incident is identified, customers are notified. This process includes working with the Microsoft 365 team to communicate breach notifications to any Microsoft 365 customers using Intune.