Today, Microsoft announced an exciting new capability providing additional benefits to users of apps protected by Microsoft Intune app protection policies. You can read the official announcement here. Zimperium device-risk based evaluation is now integrated with Microsoft Intune for protected apps on non-enrolled devices to add another layer of protection for corporate data in bring-your-own-device (BYOD) scenarios.
Microsoft Intune app protection
Both Microsoft and third-party developers use the Microsoft Intune App SDK to embed security and conditional access into their mobile apps. For example, Microsoft Outlook and OneDrive are enabled for Intune app protection policies, as are apps like Adobe Acrobat.
After a developer integrates the Intune App SDK into an app, IT administrators within an organization set policies in Intune to add security. Examples include requiring users to sign in to the app or preventing data loss by not allowing users to copy and paste data out of the Intune-protected app to unprotected apps. This allows organizations to get security benefits at the application level, without enrolling the entire device with Intune.
While Intune has provided conditional access to apps on unenrolled devices for years, the new device-risk based evaluation for Microsoft Intune protected apps on non-enrolled devices enables mobile threat defense (MTD) apps like Zimperium zIPS to notify Intune about the risk posture of the device based on detected mobile threats at app launch. Armed with that information, Intune can block a user’s access to the protected app or wipe any local app data off the device until the threat is remediated.
Zimperium zIPS & Microsoft Intune app protection policies
As one of the partners that helped drive requirements for device-risk based evaluation for Microsoft Intune protected apps on non-enrolled devices, Zimperium is excited to help Microsoft Intune customers protect BYOD users and other corporate initiatives.
With Zimperium zIPS and Microsoft Intune, users are protected from attacks in several ways, including:
- When users try to access Intune protected apps, their access is blocked until zIPS is installed.
- Once zIPS is installed, whenever a threat is detected, zIPS will provide the user with instructions on how to remediate the issue and send the appropriate device risk posture to Intune. If the risk posture is “high”, for example, the app may block a user’s access to the MAM-enabled app or wipe any local app data off the device.
- Once the issue is remediated, the user’s access to the app is restored.
Zimperium zIPS (and its management console, zConsole) brings a host of capabilities and advantages to the new Microsoft Intune integration:
|zIPS Provides…|Value To Microsoft Intune Customers|
|---|---|
|The only MTD solution with on-device, machine learning-based detection of both known and unknown device, network, phishing and app risks and attacks.|Microsoft customers can protect apps on unenrolled devices with the most effective and proven mobile threat detection available… and the only one that does all detection on device.|
|A proven integration with Intune and Azure Active Directory helping protect thousands of Microsoft Intune users every day.|Leveraging existing Azure Active Directory groups, Microsoft customers can deploy app protection policies to Intune-enabled apps immediately, with minimal effort and at large scale.|
|The only MTD solution hosted on Microsoft Azure.|Microsoft customers can protect BYOD users while adhering to the corporate strategy of hosting applications and data in Azure.|
|The most granular ability to tailor group-based policies around security and privacy objectives.|Microsoft customers can granularly match remediation and forensic/privacy policies for each Azure Active Directory group for both enrolled and unenrolled devices with Microsoft Intune in one zConsole.|
|The only MTD solution capable of integrating multiple MDMs in a single tenant.|Allows Microsoft customers to remain protected using Intune app protection policies on devices enrolled with other MDM providers during migration to Intune from other previously implemented MDMs.|
To learn more about Zimperium zIPS and device-risk based evaluation for Microsoft Intune protected apps on non-enrolled devices, please contact us.
The post Zimperium Announces Mobile Threat Defense for BYOD users with Microsoft Intune appeared first on Zimperium Mobile Security Blog.