Intune is a mobile device management platform from Microsoft that allows companies of all sizes to more securely allow mobile devices into their IT plan. As many have discovered, and for some more painfully than others, mobile devices can present a specific challenge for IT security for SMB.
On one hand, we want to allow our employees to remain as efficient and productive as possible, and often this is on the move: out of town, out of the office, or perhaps simply away from his/her desk. Mobile devices—laptops, tablets, and phones, primarily—are simply vital to today’s business operations.
On the other hand, mobile devices provide one of the easiest pitfalls in an IT security plan.
So what’s the answer, then, and what does it have to do with Intune? The answer is…everything.
One method to address the aforementioned security holes is through corporate-owned equipment. This generally means company-issued mobile devices which can be used outside of a traditional office environment. Apps and access can be maintained by the company and, thus, offer a common and controlled level of security (given the correct implementation). It is perhaps in this environment that Intune can be used in its most effective manner.
Intune allows central control of all company devices through a set of policies allowing (or denying) specific access or behavior. For example, as a corporate device, only specific apps approved by IT can be installed on these devices–versus simply someone going to the App Store and downloading Candy Crush. (Unless, of course, it is an approved app…every office is different!)
Bring-your-own-device (commonly abbreviated simply BYOD) is a very common scenario as well. While BYOD offers great flexibility in allowing an employee to use his or her own device, it is very difficult at times to guarantee a device is as secure as possible. This could be whether or not the device is up to date, has a compromised app, has a PIN of “1234”, etc. For businesses that may choose to allow personal devices, Intune offers the flexibility to only control a portion of an employee’s device. In other words, while an employee would be allowed to use his/her phone in a manner as desired outside of work, policies can be created to require enforcement such as minimium OS versions (ex. iOS 13.1) before allowing access to company resources (such as email).
For example, when an employee leaves, it is often necessary to manually witness deletion of any company assets from a personally owned device. This allows for error or (unintentional or otherwise) oversight. With Intune, it can be accomplished securely and remotely.
Intune accomplishes this by controlling the apps that contain corporate information, and is able to maintain control of only corporate data on shared apps (such as a mail app), with features such as encryption or special access policies. This allows a “best of both worlds” approach for many business owners.
Intune can assist in environments that require specific compliance with government regulations. Some of the value here not only stems from being sure that a particular policy is being followed, but as well by giving flexibility in the event a compliance control changes or a new level of compliance is desired.
Intune is available through a variety of licensing methods, and we would be happy to help you implement it! If you’d like to learn more, please CONTACT US or call (443)283-0666!