Microsoft Intune can now block unauthorised BYOD hardware
- 12 November, 2019 06:15
Microsoft has integrated third-party mobile threat defence (MTD) software with its Intune unified endpoint management (UEM) platform, enabling corporate systems to detect when an employee's unenrolled smartphone or tablet has an app potentially infected by malware.
The new Intune capability is particularly useful for companies with bring-your-own-device (BYOD) policies in that it can block access to enterprise systems on devices flagged by the MTD software.
The mobile threat detection feature on Intune will initially allow it to work with software from Lookout for Work, Better Mobile and Zimperium. "In future, we expect other partners to add support for this integration," Microsoft said via a blog post released during its Ignite conference.
"By blocking compromised mobile devices from [the] ability to access corporate resources like Exchange and SharePoint, this information helps organisations protect the modern workplace against device-based attacks," Microsoft said. "In the past, this capability required end users to enroll their devices with Intune for mobile device management (MDM)."
The new MTD capability is integrated into the MDM client itself so IT shops won't have to enroll users separately – they can be provisioned together; that makes BYOD enrollment simpler, according to Nick McQuire, vice president and head of enterprise research at CCS Insight.
The Intune update, McQuire said, is about enabling mobile application management (MAM) features for BYOD corporate programs, which typically require companies to purchase more than one software license.
Microsoft's strategy is to enter the mobile threat defense marketplace – first, through integration deals with third-party MTD providers – and later possibly by creating its own solution or by acquiring a competitor, McQuire said.
IT shops often struggle to find a good MTD product in a relatively nascent marketplace.
"Ultimately, customers don't want to run two different agents on a device and pay separately for mobile threat defence. This is a good step for Microsoft. I think it's a sign Microsoft will go harder into this arena," McQuire said.
Microsoft already offers threat defence software for enterprise PCs and laptops via its Microsoft Defender firewall, so it's a natural evolution to begin offering it for iOS and Android mobile devices.
"Currently, there's no clear winner in the MTD space, so it makes sense for Microsoft to maintain its neutrality. Ultimately, Microsoft will need that capability across all end-points and not just in the PC environment."