Close Menu
Blog
  Back
Posted by on 8th August 2017

Endpoint Manager: Transcript

Now we're going to talk about Endpoint Manager both on mobile devices and we’ll come onto windows devices with what challenges it helps us tackle around mobile devices and those windows devices. From a security perspective our challenges with mobile devices were indeed to ensure company devices meet company standards. We need to make sure if we want every device to be encrypted, to have a pin code on the device, how do we ensure the device meets those standards. The second one is how do we allow people to access company data from personal devices which obviously has advantages from a flexibility perspective but the challenge is we don’t have the same level of control as company devices. The person who owns that device probably won’t want you to be able to configure it, but you still have the concern of how do we secure company data. 

So, the policies we suggest you put in place. The first one you should put in place is compliance and configuration policies for iOS and Android company owned devices. So the compliance device is your standard, so all iOS devices may need a pin code and can’t be jailbroken for example. That would be your compliance standard and any divide enrolled in your organisation would be reviewed against those standards so you can see which meet the standards which don't. Then you've also got the configuration policies where you can push the policies. For example, you can configure a device to lock the screen on a device after it's been idle for three minutes to make sure no one can pick it up and access data on the device. These are real world examples the policies include in the document. The other sort of policy we recommend is around the second challenge which is to implement the MAM policies for BYOD devices and we’ll go ahead and have a quick look at those in the portal. They allow us to control app level if you've got people using personal devices. They might download Word or Outlook on their device, and without controlling their device we can have control over those apps so we can enforce pin codes on the apps themselves, or stop people copying and pasting data, that sort of stuff, without invading privacy and controlling devices that aren’t the business’.

So a couple of quick demos of how these look in the portal. First of all, how a compliance policy looks like here, if you have a look on the screen you can see a iOS compliance policy here and we just get a bit of an idea of what this looks like in the Endpoint Manager and what the settings are. For example, we can see here we won’t allow jailbroken devices, we’ll block simple passwords, all passwords must be alphanumeric and at least 6 characters in length and the password will expire after 60 days. This is where you go to configure those in Endpoint Manager, there’s a lot more settings in here you can utilise. 

Your security standard for mobile devices will be different for different organisations but again our sort of policy gives you good guidelines you can use and implement a strategy that’s right for your business. Again, all the details are there so you could literally look at the policy in the document and configure it in the portal to get to this point. 

The next part is the architecture policy. This can be used on company devices and BYOD so personal devices. They’re useful because they let you control the application itself. If we take a look in here in the Endpoint Manager portal, we take a look at the architecture policies. We’ll actually have a look at some of the settings, so if we go to data protection what we can see in here is for example we’re not going to allow our apps to be backed up to iTunes or iCloud because if somebody leaves we don’t have access to those backups so we don't have access to the company data in there. We allow users to only save copies of documents to certain services so we only allow them to save in OneDrive basically so if they get an email with an attachment we won't allow them to save it to their phone for example. So, you can see there we can also restrict copy and paste for these apps so there’s a setting here. We can restrict cut copy and paste between other apps which will prevent people copying data from work apps into personal apps in order to help you protect company information. 

This is sort of the access requirements for these apps so if someone has Outlook on their device we can request a pin to access it as there’s no guarantee people have a pin on their device. So what you want is if it's a personal device you can make sure if the device got stolen they couldn't just get into the device without a pin and then open one of the apps. So you can actually say even on a personal device they must have a pin or biometric fingerprint or Face ID. It just means the business can control what they should be controlling instead of the whole device. Again, these policies are all specified in the document.

So, now we’ve got Windows devices. So, first of all it’s what policies we recommend you put in place using this technology. We recommend compliance for windows devices to say this is our security standard, the device must have this version of windows and that black devices will be compared to that policy. The second thing you can do is not just review a safe compliance, you can actually use Endpoint Manager to configure bitlocker to be configured on the devices and we’ll show you where that is. The third one is using Endpoint Manager to manage OneDrive so what you can do is push a policy on all devices. Basically, we would for example, prevent personal account syncing, restrict tenant access so they can only add one OneDrive account on their laptop.It means they can’t add accounts for other organisations. ANother policy to put in place is to force the OneDrive client to silently move the norm folders it provided the user with a bit of back up.

So just going to show you the portal again, so compliance policies, options for Windows devices. This is our security standard. It requires a certain version of the operating system right down to patch level. It requires a password on the device and for it to be encrypted. It requires antivirus. We don't want it in our tenant if it has a nasty viru. 

The second part was the Endpoint security policy to not just read the devices security posture but to actually push settings to the device and in this case push out bitlocker to enable bitlocker on the devices. So, in the Endpoint security section on the left you cango in and go to encryption settings and get all of your bitlocker settings in here that you want to push to a device because exactly what type of encryption level you want to use and they’ll do a group policy in here and the benefit is that whether on the network on not this is the policy on the device.

 
Recent Posts

Some of our happy clients...

Mark Arundale
Managing Director- Sine Consulting

We moved to Circle Cloud just over a year ago because our IT was costing us productivity. There was a lot of downtime and unpredictability, which made running our business harder than it needed to be. Circle Cloud have made things so much more straightforward. Their IT Management Plans are perfect for our needs as a small business. The service is so clear and well designed, we have regular reviews and now have a more proactive and professional provider

Beverly Goodall
Managing Director- Abacus Bean

As the owner of an accountancy practice, there’s so much to think about. I need to stay focussed on our own products and services and making sure our customers are looked after. That’s why working with Circle Cloud has been perfect. They’ve taken away any concerns I’ve had around information security. The initial 30 day onboarding process made such a big difference, and the support we’ve had since has been excellent.

Andy Craddock
Managing Director- Accurate Data Services

In our industry it is critical to be constantly focussed on information security. At Accurate Data Services Ltd we always deal with extremely sensitive data, so remaining one step ahead of IS risk is our top priority.  We wanted to work with Circle Cloud because there IS infrastructure design continuously ticks all of the right boxes, can be delivered quickly and is scaleable.  It really is a comfort to everyone in the business that Circle Cloud are there, constantly having our back and making sure that our IS systems are always best in class.

Tony Crocker
Managing Director- IWC Wills & Probate

Circle Cloud’s IT Managed Service has been brilliant for us. It really is focussed on the security side of things. That matters a lot. When you think about all the emails and information that get shared on a daily basis, there is always that worry that something important might slip through. But Circle Cloud have put everything in place to make sure we’re safe.

Mark Pendlebury
IT Manager- Cosatto Limited

Working with Circle Cloud to implement the transition of our ERP system and SQL server into Azure has been a great choice. They have shown great knowledge of the platform and it's possibilities and have worked closely with us to ensure key project milestones and testing phases were met resulting in a successful and on time go live. Furthermore, they have also offered great advice and help on licensing to ensure costs are kept to a minimum.

Deborah Hugill
IT Director- Nigel Wright Ltd

We needed to modernise our server infrastructure in order to enhance resilience, as well as improve accessibility for our European workforce.  This is why we decided to move to the cloud, however we needed a supplier that could help us on our journey. We found the perfect technology partner in Circle Cloud, who specialise specifically in the Microsoft Cloud. They moved all our applications and files to Microsoft Azure which has proven extremely robust, ticking all the boxes we needed it to.

Urfan Durrani
IT Director- Protec International

As a business we had various challenges from moving a legacy on premise exchange system into hosted Office365 environment. Our Office365 system offers the users almost guaranteed uptime, accessible from any place and device, whilst its management facilities make it easier to monitor and control. The commitment to quality and care by Circle Cloud, provided the management team with assurances.

Craig Kippling
Director- Studio Anyo

We needed a telephone system that offered the functionality of a PBX solution. Circle Cloud were the perfect partner to guide us. They demonstrated how Microsoft Teams itself could be used as our full, business-wide telephone solution. They scoped our requirements and migrated our group to Microsoft Business Voice, which bolts seamlessly onto Microsoft Teams.  Our decentralised workforce can now make and receive business calls from anywhere using mobile apps and laptop headsets. This has proven invaluable over the last year and will assist in our future growth. 

Rebecca Pendlebury
Customer Care Manager- Scamp & Dude

As our Customer Care team grew we soon realised we needed to open up forms of contact for our customers. We also needed a system that was flexible and easy to use. As we already used Teams, it felt natural to incorporate Teams Voice and we couldn’t be happier with the result. As a result of Circle Cloud’s recommendations, implementation and training, we now have a happy team and customers.

Ian Burns
IT Services Manager- Waterton Academy

Circle Cloud’s offer of Office 365 security audits catered for every aspect of the brief, however it excelled in the way it was delivered to us as a customer. The added value area of mapping out detailed next steps alongside flagged areas was highly valued and demonstrated their unique ethos of being able to provide an external sound board/advisory presence and where needed, action change by their internal staff as a commissioned service. Based on the experience we had from Circle Cloud, including value for money, the accuracy and attentiveness from staff, we have now adopted the company as our external consultant for Microsoft cloud technologies.

John Painter
IT Systems & Development Manager- Denbury Homes

In November 2021 Circle Cloud were engaged after a shortlisting process, for a time sensitive tenant to tenant domain migration following a business separation- each tenant being wholly separate to the other. Several companies were contacted and their tools assessed, but none could provide a ‘one stop shop’. The expectation was that end users would see no visible difference with regards to experience or content, with the exception of a new temporary password and new MFA registration process. Circle Cloud were able to achieve this within the tight deadline. Denbury Homes are happy to recommend Circle Cloud for Office 365 and Azure Cloud to Cloud migrations, as well as On Premise to Cloud migrations.

Circle Cloud Limited
Company

Circle Cloud Ltd.
Fusion Hive
North Shore Road
TS18 2NB

  0191 672 7012
  info@circlecloud.co.uk
Products
Company
Social
Accreditation
  • ISO/IEC 27001
    Cert Number: IS 697 097
  • Cyber Essentials Certified
Site by Calm Digital Limited
© 2024 Circle Cloud Ltd.
Drop us a message...
Open Menu Open Menu
Contact Us
Open Menu Open Menu
CONTACT US