Microsoft Intune can now block unauthorized BYOD hardware

Microsoft has integrated third-party mobile threat defense (MTD) software with its Intune unified endpoint management (UEM) platform, enabling corporate systems to detect when an employee’s unenrolled smartphone or tablet has an app potentially infected by malware.

The new Intune capability is particularly useful for companies with bring-your-own-device (BYOD) policies because it can block access to enterprise systems on devices flagged by the MTD software.

The mobile threat detection feature on Intune will initially allow it to work with software from Lookout for Work, Better Mobile and Zimperium. “In future, we expect other partners to add support for this integration,” Microsoft said via a Monday blog post released during its Ignite conference.

The Intune setup page for mobile threat detection

“By blocking compromised mobile devices from [the] ability to access corporate resources like Exchange and SharePoint, this information helps organizations protect the modern workplace against device-based attacks,” Microsoft said. “In the past, this capability required end users to enroll their devices with Intune for mobile device management (MDM).”

The new MTD capability is integrated into the MDM client itself so IT shops won’t have to enroll users separately – they can be provisioned together; that makes BYOD enrollment simpler, according to Nick McQuire, vice president and head of enterprise research at CCS Insight.

The Intune update, McQuire said, is about enabling mobile application management (MAM) features for BYOD corporate programs, which typically require companies to purchase more than one software license.