Microsoft Intune can now block unauthorized BYOD hardware
Microsoft has integrated third-party mobile threat defense (MTD) software with its Intune unified endpoint management (UEM) platform, enabling corporate systems to detect when an employee’s unenrolled, smartphone or tablet has an app potentially infected by malware.
The new Intune capability is particularly useful for companies with bring-your-own device (BYOD) policies in that it can block access to enterprise systems on devices flagged by the MTD software.
The mobile threat detection feature on Intune will initially allow it to work with software from Lookout for Work, Better Mobile and Zimperium. “In future, we expect other partners to add support for this integration,” Microsoft said via a Monday blog post released during its Ignite conference.
“By blocking compromised mobile devices from [the] ability to access corporate resources like Exchange and SharePoint, this information helps organizations protect the modern workplace against device-based attacks,” Microsoft said. “In the past, this capability required end users to enroll their devices with Intune for mobile device management (MDM).”
The new MTD capability is integrated into the MDM client itself so IT shops won’t have to enroll users separately – they can be provisioned provision together; that makes BYOD enrollment simpler, according to Nick McQuire, vice president and head of enterprise research at CCS Insight.
The Intune update, McQuire said, is about enabling mobile application management (MAM) features for BYOD corporate programs, which typically require companies to purchase more than one software license.
Microsoft’s strategy is to enter the mobile threat defense marketplace – first, through integration deals with third-party MTD providers – and later possibly by creating its own solution or by acquiring a competitor, McQuire said.
IT shops often struggle to find a good MTD product in a relatively nascent marketplace.
“Ultimately, customers don’t want to run two different…