Coronavirus has changed the way we work, possibly forever. And that’s no bad thing: way more flexibility, working where we want, how we want, and with the device we want to work with. All of those things, however, present business owners with a monster of a headache: how do you ensure your data doesn’t leak? How do we protect devices? Who is responsible for ensuring applications are installed and up to date? In pre-Covid times, businesses relied on users being in the office, using office equipment which was managed and maintained by the IT department or by their support company. Now, with corporate data making its way onto people’s phones, tablets and smart devices, these same businesses need to seek out solutions in order to protect themselves, their users and, most vitally, their customers.
In this blog I am going to discuss the following key topics:
- What is Intune? Who, and how, does it help?
- MAM vs MDM, how does it fit with BYOD?
- What are the business benefits?
- Real world use cases
- Wrap Up
What is Intune?
In a nutshell, Intune is Microsoft’s answer to Endpoint and Device Management, whether that endpoint is a tablet, mobile, desktop, laptop, or any other internet-connected tool a user does work with in your organisation. What started as a basic Mobile Device Management (MDM) platform has grown substantially, with hooks into on-premises management tools such as SCCM and very advanced deployment (Autopilot) features for desktops and laptops.
Great Matt, but who’s this for? What problem does it solve?
Intune is neatly placed at the heart of Microsoft 365. It has hooks into all of your data and applications across the platform, and that position gives the product a unique amount of power. Intune is especially useful for organisations who otherwise couldn’t, or wouldn’t, be able to manage devices, whether corporately or personally owned. These devices can be enrolled into the solution, providing management capability from very basic device wipes through to more advanced features such as splitting corporate and personal data on Android devices. A key takeaway here is:
By securing information at the edge, on the end user’s device, we provide businesses with the security they require to take a leap toward the Modern Workplace.
If you allow users unfettered access to your corporate data and applications, on personal devices, you open yourself up to a great deal of risk. A level of risk you simply don’t need to accept if you have an adequate Microsoft 365 subscription.
Mobile Device Management VS. Mobile Application Management
Two very similar acronyms with two totally different meanings. The following table shows the typical differences between Mobile Application and Mobile Device Management:
The easiest way to summarise MAM and MDM is that MAM simply manages applications installed on a device, whereas MDM has a deeper integration with the hardware and can manage device settings, allow for remote resets, control PIN and security settings, etc.
The reason the distinction is important is this: offering a MAM strategy makes management of BYOD (Bring Your Own Device) endpoints much easier and more lightweight. Users don’t need to accept that your IT department can wipe their phone at any given time, and nor should they. With MAM, your business can secure all of the application data contained within a corporate app, whilst allowing the user to confidently connect and use their own devices to work in a way which suits them.
Consider the following flow chart when deciding which solution could work for your business:
Note that the best possible solution here is for your company to own the device, manage it through MDM and then manage presented apps with MAM.
Business Benefits of using MAM and MDM with Microsoft 365
The advantage Microsoft have over their competition is that all their data and Intune are contained within the same platform. This means that Intune can protect corporate data at source, and not have to be plugged into it, leveraging Microsoft’s AI, Conditional Access and many other security benefits along the way.
Here’s a summary of benefits:
- Protect your company data at the edge on end user devices
- Flexible operating model allowing for granular levels of control
- Automate app deployment and updating procedures
- Provide users with a better experience
- Included with E3 licensing at no extra cost
Intune Real World Use Cases
Here we are going to review two user use cases and how MDM and MAM can help.
Case 1: Brad and his BYOD Device
Brad buys a new personal iPhone which he plans to use for work. He’s connected to Office 365 and can edit some Word documents. He has also downloaded a couple of apps your business is using from the app store and successfully logged in. Brad is effectively working, but one day he decides to take some contact details from your company application for his own gain. By copying and pasting the information from his phone, he can quickly build his own client database, or leak these details to a marketing company for a profit.
In Case 1 we saw a classic bad actor stealing company information. This could’ve easily been prevented by managing the mobile applications and preventing copy and paste in Intune. If your business was forcing MDM onto the device as well, screenshots could also be prevented, completely blocking leakage unless the user was willing to sit there and manually type. Even in that case, though, using MDM you can still force a quick lock screen to prevent even that. Using MDM on BYOD devices, however, is a tricky topic and something your business has to weigh up the pros and cons on.
Case 2: Carry and her Corporate Phone
Carry is a super busy sales exec. To her, time is literally money and she always needs to be on the go. The IT department issued her with a new phone and when the courier came to pick her old device up, she apologised and turned him away. Carry hadn’t even taken the new phone out of the box for fear of how much time she’d lose setting it up.
Solution: MAM and MDM
In Case 2 we have a very busy, dedicated worker who needs to avoid disruption in order to be productive. By providing corporate devices and managing them with MDM, you can provide an “OOBE” or “Out of Box Experience” which automates everything. All the user needs to do is run through the initial setup, enrol their device (if not auto-enrolled) and then Intune does the rest.
By adding managed applications on top of that, the IT department can ensure Carry gets the applications she needs, with the correct versions, first time on her new device, encouraging her to return the old device in a timely fashion.
MDM and MAM don’t have to be security-focused sells within your business; they are efficiency drivers too.
Key Intune Takeaways
Whilst I haven’t talked about very specific features, what I’d hope you take away from this is:
- Everyone with E3 or Business Premium has access to the Intune benefit for no extra cost
- A blended strategy of MDM and MAM will yield the best results
- MDM and/or MAM will enhance your security posture
- MDM and/or MAM will make your users’ lives much easier
I hope you’ve enjoyed reading this blog post. Until next time!