The nature of having a mobile workforce imposed multiple challenges for this client. How could employees have access to corporate data and resources on their mobile device while protecting that same data? How could the client remove corporate data from personal devices when an employee is offboarded? How can the company provide secure access to Office 365 applications?

Originally, the client implemented VMWare’s AirWatch to assist with these challenges, however that solution could not satisfy all of the client’s business needs.

This Microsoft Intune success story was solved using Azure and the mobile device management capabilities of the Microsoft technology stack.

• Provide tight integration with Office 365 and the use of Office mobile apps with app protection
• Deliver secure and improved user experience by allowing users to use apps they are familiar with and prefer
• Enable access to internal corporate services on mobile devices
• Provide data protection on mobile devices
• Take advantage of investment in Azure and Office 365 to reduce costs for other MDM solutions
• Migrate from VMWare AirWatch to Microsoft Intune
• Consolidate to a single mobile device management solution
• Provide secure access to the Office 365 Suite (i.e., Exchange Online, SharePoint Online, and OneDrive)
• Prevent corporate data from being stored or forwarded to non-corporate services on the mobile device
• Provide capability to wipe corporate data from the personal and corporate devices

ActiveIdM approached this implementation by creating use case scenarios to segment the client’s user population into manageable groups by user type, user role, device role, organizational role, and supported device platform. This enabled the our team and the client stakeholders to clearly understand Intune policies and security settings in difference scenarios. This solution also made consideration for device ownership, corporate versus personal.

Asset management and reporting was also provided with this solution. Intune was leveraged to perform management tasks such as collecting complete phone numbers for enrolled devices and inventorying applications on corporate-owned devices and presenting this information to administrators.

With use case scenarios defined, ActiveIdM implemented the necessary Intune policies and security settings to address each of the use cases.

Key to this solution is device compliance. The Intune policies were configured to ensure that all mobile devices behave in a predictable and secure manner. This includes requiring a device unlock code, encryption, detection of rooted or jail-broken devices, minimum and maximum operating system versions, and continuous monitoring of the user’s Mobile Threat Defense level.

This successful implementation provided a large step forward in the client’s ability to give users the resources they need, and on the devices that they use, while providing robust controls to keep corporate data secure.