Mobile devices were primarily designed for personal use, but they’re becoming increasingly common in Australian businesses today. It’s easy to see why, given the many benefits and opportunities they provide. Mobile devices give employees the flexibility to work in the office, at home, or on the go. In fact, reports show that increased productivity from mobile devices boosted the Australian economy by 2.04%.
Yet despite these benefits, the technology isn’t perfect. Mobile devices are not protected by company networks and firewalls when they’re used outside the office. This means your business data’s security is at the mercy of how employees use their devices. If they connect to unsecured networks, install unreliable apps, or misplace company devices, your business can fall victim to a security incident.
To protect your business, you need mobile device management (MDM) and mobile application management (MAM) solution Microsoft Intune. Here’s what it can do.
Enforce device security policies
Microsoft Intune features a centralised admin console where you can monitor and manage company-registered devices. The MDM solution allows you to establish security and conditional access restrictions to encourage responsible use of devices and data. Below are a few security policies you can set in Intune:
- Role-based access controls – Users can only access data that is essential to their role on their mobile devices.
- Location-based policies – Devices can’t access company apps and data unless they’re connected to a reliable and secure network.
- Application restrictions – The system bans devices with unverified or illegal third-party applications.
- Minimum operating system (OS) version – Devices that don’t have the latest OS updates installed have limited access to company apps and data.
- Jailbreaking policies – Jailbroken or rooted devices are forbidden since they lack essential security features crucial for defending against cyberattacks.
- Device security configurations – Devices that don’t have basic security measures like anti-malware, encryption, and up-to-date security patches cannot access the system.
Remediate high-risk devices
Intune identifies devices that don’t comply with your policies and takes immediate action to minimise the risk to your business. For example, if a device doesn’t have anti-malware software, Intune is preprogrammed to send email alerts to users about the issue. These email alerts also provide detailed steps and installation links so users can quickly fix the problem.
Of course, the remediation steps will vary depending on the security issue at hand. Intune may require users to uninstall unknown third-party software, use business VPN in unsecured areas, or even factory reset a device. Also, if an issue is unresolved for some time, Intune may remotely lock devices to prevent further damage.
Remotely retire and wipe devices
There’s an increased risk of data breaches if company devices are lost or stolen. However, Microsoft Intune makes it easy to remotely control client devices. It comes with retire and wipe features that allow system administrators to decommission devices from your system. So if a device is compromised, you can instantly revoke access privileges, uninstall company apps, and remove data on that device. This feature is also particularly helpful if users leave the company and no longer need access to company apps and data.
Manage company apps
Beyond protecting company devices, Intune offers an array of features that safeguard your apps and data. One of these issues users with a unique PIN code to verify their identity before accessing company data in an application. Another feature allows administrators to encrypt data in emails and OneDrive for Business.
Intune also lets you set app protection policies to prohibit employees from misusing company apps and data. For instance, you can restrict copying and pasting of data from one app to another to avoid information leaks. You can prevent users from accessing sensitive apps if they’re connected to unverified public Wi-Fi networks. More importantly, you can deny access to apps if users don’t have the right authorisation level, PIN codes, and the latest software update.
Make multifactor authentication (MFA) mandatory
Relying solely on passwords to secure company devices and apps isn’t enough to defend against today’s threats. Cybercriminals are much more proficient at stealing passwords using online scams and brute force attacks. There’s also no guarantee that your employees will follow password best practices. For all you know, they’re setting generic passwords like ‘123456’ and using them across multiple accounts.
Microsoft Intune addresses this issue with MFA. Besides passwords, users will need to confirm their identity via a phone call, SMS code, or fingerprint and facial recognition scan. You can even opt for Microsoft’s passwordless authentication solutions, if passwords are too much of a liability.
Whatever authentication methods you use, Intune enables MFA for all company-registered devices, so your security doesn’t depend on weak passwords.
Deploy patches and software company-wide
To defend against the latest threats, you can push security patches and software to mobile devices through Intune’s admin console. You have the option to roll out updates silently or prompt users to install an update package you’ve prepared. This means you don’t have to update each device individually, and that translates to more time and money saved.
If you’re planning on mobilising your workforce, then Microsoft Intune is a must-have solution for your business. From company-wide security policies to patching, Intune provides the advanced protections you need to manage your fleet of devices. Call Empower IT today to deploy Microsoft Intune. We’re the managed IT services provider Australian businesses rely on for cyber security and mobile device management!