Close Menu
Blog
  Back
Posted by Andrew Ballantyne on 31st October 2022

Microsoft Intune Policies that can Improve your Information Security

Microsoft Intune Policies that can Improve Security

In my recent blog How to Improve Office 365 Security, I mentioned how the Microsoft 365 product suite is perfectly suited for our new flexible approach to working. It gives employees what they need to access key company information and applications from any location and on multiple devices. Although this is a positive, it does introduce new security challenges.

Microsoft have developed tools within the Microsoft 365 product suite to mitigate these new risks. They do this without removing or reducing the benefits around mobility.

One of the three key Microsoft 365 products I mentioned in my previous blog was Microsoft Intune. I am going to look at Microsoft Intune in more detail here, giving you some practical take-aways that you can implement into your security strategy.

A Quick High Level Overview…

As I mentioned in my last blog, Microsoft Intune is a cloud-based computer management, mobile device management (MDM) and mobile application management (MAM) platform for your organisation’s apps and devices. I am going to focus on MDM and MAM in this blog post.

Microsoft Intune allows you to control features and settings on a range of devices, including Android, Android Enterprise, iOS, MacOS. However, the true power of Microsoft Intune comes into play when managing the security of the devices within your organisation. That’s why, rather that focus on the general management elements of Intune, I am going to sharpen the focus on how the product can be used to improve your security.

Using Microsoft Intune to Improve Security…

It’s worth pointing out some of the more broad-stroke security benefits of using Mobile Device and Application Management tools such as Microsoft Intune. They give organisations the ability to manage the following tasks from a single, centralised location:

  • Deploy or retire devices
  • Remote wipe or disable a lost or stolen device
  • Keep an asset list of company mobile devices

But I want to be a little more specific than this by looking at how powerful Intune can be when used in conjunction with Conditional Access to manage the application of Multi-Factor Authentication.

Before I go into it, it’s worth reiterating the importance of Multi-Factor Authentication (or 2FA, as you may know it as).  A recent Microsoft publication highlighted the following:

  • 300,000,000 Fraudulent Daily sign in attempts
  • 81% of breaches are caused by credential theft
  • 73% of passwords are duplicates

A more striking statistic however, is that 99.9% of the above can be blocked with MFA! So that does beg the question- why aren’t more organisations enforcing it?

There are various answers to this question but the common factor between them all is that it’s perceived as annoying and inconvenient. When implemented using an ‘on’ or ‘off’ approach that’s available in basic Microsoft 365 packages, I can definitely sympathise with this criticism. It’s easy to see why being asked to enter a code every time you need to log back into your device becomes a hindrance. But this is where Intune and Conditional Access solves a genuine problem.

During our Microsoft 365 Managed Service onboarding, Circle Cloud implement an Intune Policy that creates the rules for a ‘Compliant Device’. We ensure that fundamental security principles, such as password complexity and OS version, are detailed, monitored, and rolled out to all your company owned devices centrally from Microsoft Intune. Once these parameters have been set, it’s easy to see in the Microsoft Intune portal which devices are ‘compliant’ and if not, why not.

I have provided an example Microsoft Intune policy we use for company devices below:

 

So what does Conditional Access have to do with it? Well, once you’ve defined what a ‘Compliant Device’ looks like using Microsoft Intune (see above), you can create a Conditional Access policy that assesses all connection attempts to your tenant against the ‘Compliant Device’ standards. To put simply, if somebody logs into a device, Conditional Access will check whether it’s ‘compliant’ in the Intune portal. If it is, access will be granted. If not, you can enforce MFA. Doing this means that there is a more sensible approach to how MFA is applied to users, making it much more likely to successfully adopted in your organisation.

Here is an example of a Conditional Access Policy we use. Notice in the ‘Access Controls’ section there is a stipulation called ‘Require device to be marked as compliant’.

 

What about Personal Devices?...

The above refers to scenarios for devices that are owned by your organisation. However, if your company has a BYOD policy, you’re probably wondering how this would look. The big challenge with security on personal devices is that it’s way too intrusive to expect to manage somebody’s full device. This is where Microsoft Intune’s Mobile Application Management comes in.

Mobile Application Management allows you to apply a security layer in front of the application rather than the device. This means that you user can use their mobile phone exactly as the please, however they will be asked to provide credentials should they attempt to access a company application.

Here is an example Microsoft Intune policy for BYOD scenarios. As you can see, you can restrict copying and pasting from company applications, as well as encrypt the organisation’s data when being used on a personal device.

 

Conclusion…

Microsoft Office 365 is enabling our workforces to work effectively from anywhere. Doing so is posing some security challenges, but there are none that can’t be overcome by using the facilities available within the Microsoft product suite. Microsoft Intune is such a powerful way to set and maintain compliance standards for the mobile devices in our organisations. When configured in conjunction with Conditional Access, as demonstrated in this blog post, we can take huge strides towards closing some of the security gaps we’re faced with in this age of remote working.

 
Recent Posts

Some of our happy clients...

Mark Arundale
Managing Director- Sine Consulting

We moved to Circle Cloud just over a year ago because our IT was costing us productivity. There was a lot of downtime and unpredictability, which made running our business harder than it needed to be. Circle Cloud have made things so much more straightforward. Their IT Management Plans are perfect for our needs as a small business. The service is so clear and well designed, we have regular reviews and now have a more proactive and professional provider

Beverly Goodall
Managing Director- Abacus Bean

As the owner of an accountancy practice, there’s so much to think about. I need to stay focussed on our own products and services and making sure our customers are looked after. That’s why working with Circle Cloud has been perfect. They’ve taken away any concerns I’ve had around information security. The initial 30 day onboarding process made such a big difference, and the support we’ve had since has been excellent.

Andy Craddock
Managing Director- Accurate Data Services

In our industry it is critical to be constantly focussed on information security. At Accurate Data Services Ltd we always deal with extremely sensitive data, so remaining one step ahead of IS risk is our top priority.  We wanted to work with Circle Cloud because there IS infrastructure design continuously ticks all of the right boxes, can be delivered quickly and is scaleable.  It really is a comfort to everyone in the business that Circle Cloud are there, constantly having our back and making sure that our IS systems are always best in class.

Tony Crocker
Managing Director- IWC Wills & Probate

Circle Cloud’s IT Managed Service has been brilliant for us. It really is focussed on the security side of things. That matters a lot. When you think about all the emails and information that get shared on a daily basis, there is always that worry that something important might slip through. But Circle Cloud have put everything in place to make sure we’re safe.

Mark Pendlebury
IT Manager- Cosatto Limited

Working with Circle Cloud to implement the transition of our ERP system and SQL server into Azure has been a great choice. They have shown great knowledge of the platform and it's possibilities and have worked closely with us to ensure key project milestones and testing phases were met resulting in a successful and on time go live. Furthermore, they have also offered great advice and help on licensing to ensure costs are kept to a minimum.

Deborah Hugill
IT Director- Nigel Wright Ltd

We needed to modernise our server infrastructure in order to enhance resilience, as well as improve accessibility for our European workforce.  This is why we decided to move to the cloud, however we needed a supplier that could help us on our journey. We found the perfect technology partner in Circle Cloud, who specialise specifically in the Microsoft Cloud. They moved all our applications and files to Microsoft Azure which has proven extremely robust, ticking all the boxes we needed it to.

Urfan Durrani
IT Director- Protec International

As a business we had various challenges from moving a legacy on premise exchange system into hosted Office365 environment. Our Office365 system offers the users almost guaranteed uptime, accessible from any place and device, whilst its management facilities make it easier to monitor and control. The commitment to quality and care by Circle Cloud, provided the management team with assurances.

Craig Kippling
Director- Studio Anyo

We needed a telephone system that offered the functionality of a PBX solution. Circle Cloud were the perfect partner to guide us. They demonstrated how Microsoft Teams itself could be used as our full, business-wide telephone solution. They scoped our requirements and migrated our group to Microsoft Business Voice, which bolts seamlessly onto Microsoft Teams.  Our decentralised workforce can now make and receive business calls from anywhere using mobile apps and laptop headsets. This has proven invaluable over the last year and will assist in our future growth. 

Rebecca Pendlebury
Customer Care Manager- Scamp & Dude

As our Customer Care team grew we soon realised we needed to open up forms of contact for our customers. We also needed a system that was flexible and easy to use. As we already used Teams, it felt natural to incorporate Teams Voice and we couldn’t be happier with the result. As a result of Circle Cloud’s recommendations, implementation and training, we now have a happy team and customers.

Ian Burns
IT Services Manager- Waterton Academy

Circle Cloud’s offer of Office 365 security audits catered for every aspect of the brief, however it excelled in the way it was delivered to us as a customer. The added value area of mapping out detailed next steps alongside flagged areas was highly valued and demonstrated their unique ethos of being able to provide an external sound board/advisory presence and where needed, action change by their internal staff as a commissioned service. Based on the experience we had from Circle Cloud, including value for money, the accuracy and attentiveness from staff, we have now adopted the company as our external consultant for Microsoft cloud technologies.

John Painter
IT Systems & Development Manager- Denbury Homes

In November 2021 Circle Cloud were engaged after a shortlisting process, for a time sensitive tenant to tenant domain migration following a business separation- each tenant being wholly separate to the other. Several companies were contacted and their tools assessed, but none could provide a ‘one stop shop’. The expectation was that end users would see no visible difference with regards to experience or content, with the exception of a new temporary password and new MFA registration process. Circle Cloud were able to achieve this within the tight deadline. Denbury Homes are happy to recommend Circle Cloud for Office 365 and Azure Cloud to Cloud migrations, as well as On Premise to Cloud migrations.

Circle Cloud Limited
Company

Circle Cloud Ltd.
Fusion Hive
North Shore Road
TS18 2NB

  0191 672 7012
  info@circlecloud.co.uk
Products
Company
Social
Accreditation
  • ISO/IEC 27001
    Cert Number: IS 697 097
  • Cyber Essentials Certified
Site by Calm Digital Limited
© 2024 Circle Cloud Ltd.
Drop us a message...
Open Menu Open Menu
Contact Us
Open Menu Open Menu
CONTACT US