How To Offer Employees Remote Flexibility Without Sacrificing Security Using Intune

Arraya Insights | April 22, 2022

2022 is shaping up to be an interesting time for both employers and employees as the remote world of work endures. We’re now over two years into the pandemic and many employees are still logging in from home, even as pandemic-related restrictions soften.  

While some employers appear eager to bring their people back into the office, the tight job market is holding many back as workers demand better work-life balance amid the “great resignation.” Maintaining flexible work arrangements has become necessary both to retain talent and to broaden the search for talent beyond the area around the local office.

For those employers who are continuing with a remote work model, supply chain issues are causing a major hiccup. Significant delays in PC shipments are causing months-long backorders. As a result, bring-your-own-device (BYOD) models have become increasingly popular.

This method has perks for both the employer and the employee. The employer can save costs on hardware while the employee can limit the number of devices they need to carry around. However, BYOD devices can create security challenges in an increasingly volatile cyber climate. If these are not secured properly, they present an enormous risk.

Many businesses and enterprises are turning to Microsoft Intune so they can take advantage of BYOD devices without sacrificing security.   

What is Microsoft Intune? 

While we’ve previously focused on virtual desktop infrastructure (VDI) solutions for BYOD devices within the remote workspace, this type of solution differs from Microsoft Intune. VDI access is fully managed by corporate on domain-joined workstations and provides employees and contractors with client-based remote access to their work environment from a personal device.

Intune provides administrators with the ability to manage MDM applications and devices through three connection types: 

  • Mobile Device Management (MDM): This service is used for enterprise-owned devices, giving the IT team full control of the device. This includes the ability to fully manage, wipe, and locate the device, should they deem it necessary.
  • Mobile Application Management (MAM): This is designed to protect organizational data at the application level and is used to install, contain, and control the application whether it’s a user’s personal device or in a company-owned, fully managed state. 
  • Mobile Application Management – Without Enrollment (MAM-WE): This provides the ability to create MAM application configurations that can fully manage the company data and apply security configuration to a personal device. This can all be done without affecting any other personal applications or data, or requiring Intune enrollment. This is the more popular configuration that still provides top-notch security and control while maintaining the separation of personal content and business content on the device.

For the sake of this blog, we’re going to focus on the growing trend of bring-your-own-devices (BYOD), such as cell phones, laptops, and tablets, and the use of MAM. However, MAM can be used on enterprise-owned devices as well.  

How does Intune’s MAM provide application security? 

Intune provides administrators and IT teams with the remote capability to control company data by: 

  • Adding and assigning mobile apps to users, user groups, and devices 
  • Configuring apps to start or run within specific settings 
  • Updating managed apps already on the device 
  • Monitoring reports to track managed app usage 
  • Selectively wiping only organization data from apps without disturbing personal apps 

Intune provides this security through app protection policies. These use Azure AD identity to isolate organization data from personal data and, when coupled with Microsoft Information Protection, restrict certain actions, such as copy-and-paste and save. 

The integration with Azure AD enables broad access controls, such as requiring mobile devices to be compliant with organization standards before accessing network resources. This includes requiring multi-factor authentication for device enrollment, and administrators can lock access to services so they’re only available to specific apps.
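
An added example, not code from this article or from Microsoft: a Python check that audits an exported app protection policy for the data-leak controls described above (copy-and-paste and save). The property names follow the Microsoft Graph `iosManagedAppProtection` resource; the sample policy and the baseline values are constructed assumptions.

```python
import json

# Constructed sample shaped like a Microsoft Graph iosManagedAppProtection
# object; the display name and all values are invented for illustration.
SAMPLE_POLICY = json.loads("""
{
  "@odata.type": "#microsoft.graph.iosManagedAppProtection",
  "displayName": "BYOD-iOS-sample",
  "allowedOutboundClipboardSharingLevel": "allApps",
  "allowedOutboundDataTransferDestinations": "managedApps",
  "saveAsBlocked": false,
  "dataBackupBlocked": true,
  "pinRequired": true
}
""")

# Assumed baseline (not from the article): accepted values per setting.
BASELINE = {
    # Copy-and-paste out of managed apps must stay inside managed apps.
    "allowedOutboundClipboardSharingLevel": {
        "managedApps", "managedAppsWithPasteIn", "blocked"},
    # Organization data may only be sent to other managed apps, or nowhere.
    "allowedOutboundDataTransferDestinations": {"managedApps", "none"},
    # "Save as" to personal storage must be blocked.
    "saveAsBlocked": {True},
    # Organization data must not land in personal device backups.
    "dataBackupBlocked": {True},
    # The managed app must require a PIN.
    "pinRequired": {True},
}


def audit_policy(policy, baseline=BASELINE):
    """Return sorted (setting, actual_value) pairs that miss the baseline.

    A setting absent from the export is reported with value None, so a
    partially exported policy is never treated as compliant by omission.
    """
    findings = []
    for setting, accepted in baseline.items():
        actual = policy.get(setting)
        if actual not in accepted:
            findings.append((setting, actual))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    for setting, actual in audit_policy(SAMPLE_POLICY):
        print(f"{SAMPLE_POLICY['displayName']}: {setting} = {actual!r}")
```
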

Next Steps: Does Your Licensing Include Microsoft Intune? 

Whether you’re looking for licensing for your small business or enterprise, Intune can help you provide the flexibility your employees are looking for with the security that your organization needs.  

An Intune user and device subscription is available as a standalone, or within one of the following bundled licenses: 

  • Microsoft 365 E5 
  • Microsoft 365 E3 
  • Enterprise Mobility + Security E5 
  • Enterprise Mobility + Security E3 
  • Microsoft 365 Business Premium 
  • Microsoft 365 F1 
  • Microsoft 365 F3 
  • Microsoft 365 Government G5 
  • Microsoft 365 Government G3 
  • Intune for Education 

Is Intune already a part of your licensing? Whether you have questions surrounding your Microsoft licensing or how to best manage your remote capabilities, contact one of our experts to start a conversation today.   

Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.
