As most of the world is working from home due to the current COVID-19 pandemic, ITPros are busy helping users securely access corporate resources. We have put together this blog to share how we protect and secure an organization's resources and data while providing a better user experience and increasing productivity using Microsoft Intune (Microsoft Endpoint Manager - Intune).
Microsoft starts with a solid foundation: all users need to use a secure device to access Microsoft resources. Some of the access policy highlights follow.
As most of you are aware, by using Intune, organizations can deploy security policies to secure devices. By doing this, ITPros can make sure that only authorized users and devices get access to proprietary information. In this post, I am going to share some details about how we are managing and securing our devices utilizing Conditional Access policies, the Mobile Threat Defense agent (MTD) and Advanced Threat Protection (ATP).
How are Conditional Access policies applied?
Intune and Azure Active Directory work together to make sure only managed and compliant devices can get access to corporate resources like email, VPN, etc. As part of Conditional Access policy enforcement, we created multiple compliance policies in Intune to evaluate the compliance status of the devices. These compliance policies check for configurations such as device encryption, password/PIN configuration, and MTD and ATP status. The compliance status from Intune is updated in AAD to enforce the Conditional Access policies created in AAD. Currently we have multiple Conditional Access policies enforced, and all devices need to meet the criteria to gain access to corporate resources. In our environment we chose a two-phased approach to enforce Conditional Access policies.
Phase 1: What would happen if we enabled Conditional Access policies for all users today?
We have applied Conditional Access policies in 'read only' mode to all users across Microsoft. This helped us to avoid potential impact by identifying the impacted devices first.
Phase 2: Enforcement of policies
After working with the users impacted in phase 1, enforce the Conditional Access policies, so that when a user accesses an application the Conditional Access policy status is evaluated.
As part of Conditional Access enforcement, all devices must be managed to access O365 resources.
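To make the flow above concrete, here is a small Python model of how device compliance checks (encryption, PIN, MTD and ATP status) feed a Conditional Access decision, and of the two-phase rollout: a first pass that only records which devices would be blocked, then a second pass that enforces. This is an added example, not code from the original post and not Intune or Azure AD code; the device attributes, the severity scale, the mode names and the sample devices are constructed assumptions for illustration.

```python
# Added illustration: a model of Intune compliance evaluation feeding an Azure AD
# Conditional Access grant/block decision, plus the two-phase rollout described in
# the post. Not Intune/Azure AD code; attributes, levels and devices are constructed.
from collections import Counter
from dataclasses import dataclass

# Ordered severity scale shared by the MTD and ATP signals (constructed for the example).
LEVELS = ["secured", "low", "medium", "high"]


@dataclass
class DevicePosture:
    device_id: str
    user: str
    managed: bool            # enrolled in Intune; unmanaged devices report no compliance at all
    encrypted: bool          # disk encryption enabled
    pin_configured: bool     # password/PIN configured as the policy requires
    mtd_threat_level: str    # highest threat level reported by the MTD agent
    atp_risk_level: str      # risk level reported by ATP


@dataclass
class CompliancePolicy:
    require_encryption: bool = True
    require_pin: bool = True
    max_mtd_threat_level: str = "low"   # anything above this level is non-compliant
    max_atp_risk_level: str = "low"


def evaluate_compliance(device: DevicePosture, policy: CompliancePolicy) -> list:
    """Return the list of failed checks; an empty list means the device is compliant."""
    failures = []
    if policy.require_encryption and not device.encrypted:
        failures.append("encryption")
    if policy.require_pin and not device.pin_configured:
        failures.append("pin")
    if LEVELS.index(device.mtd_threat_level) > LEVELS.index(policy.max_mtd_threat_level):
        failures.append(f"mtd:{device.mtd_threat_level}")
    if LEVELS.index(device.atp_risk_level) > LEVELS.index(policy.max_atp_risk_level):
        failures.append(f"atp:{device.atp_risk_level}")
    return failures


def conditional_access_decision(device: DevicePosture, policy: CompliancePolicy, mode: str) -> dict:
    """Decide access to a corporate application.

    mode="report-only" mirrors phase 1: nothing is blocked, but the decision that
    would have been taken is recorded so impacted users can be contacted first.
    mode="enforce" mirrors phase 2: unmanaged or non-compliant devices are blocked.
    """
    if not device.managed:
        reasons = ["unmanaged"]          # no compliance status ever reaches AAD
    else:
        reasons = evaluate_compliance(device, policy)
    if not reasons:
        decision = "grant"
    elif mode == "report-only":
        decision = "would-block"
    elif mode == "enforce":
        decision = "block"
    else:
        raise ValueError(f"unknown mode: {mode}")
    return {"device": device.device_id, "user": device.user,
            "decision": decision, "reasons": reasons}


def rollout_summary(devices: list, policy: CompliancePolicy, mode: str) -> dict:
    """Aggregate decisions the way a phase-1 impact review would: who is affected and why."""
    results = [conditional_access_decision(d, policy, mode) for d in devices]
    impacted = [r for r in results if r["decision"] != "grant"]
    return {
        "mode": mode,
        "total": len(results),
        "impacted_users": sorted({r["user"] for r in impacted}),
        "reason_counts": dict(Counter(reason for r in impacted for reason in r["reasons"])),
    }


# Constructed sample fleet: one compliant device and three that fail for different reasons.
SAMPLE_DEVICES = [
    DevicePosture("dev-001", "alice", True, True, True, "secured", "secured"),
    DevicePosture("dev-002", "bob", True, False, True, "secured", "low"),   # no encryption
    DevicePosture("dev-003", "carol", True, True, True, "high", "secured"),  # MTD threat
    DevicePosture("dev-004", "dan", False, True, True, "secured", "secured"),  # not enrolled
]
POLICY = CompliancePolicy()

if __name__ == "__main__":
    for mode in ("report-only", "enforce"):
        print(rollout_summary(SAMPLE_DEVICES, POLICY, mode))
```

Running the block prints the phase-1 summary (three users would be blocked, one each for missing encryption, a high MTD threat level and an unmanaged device) followed by the phase-2 summary with the same three users actually blocked; the point of the first pass is that the reason counts tell you what to fix with each user before flipping the switch.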
The following policy is currently rolling out to all corporate users:
We hope this post has given you some ideas on how to implement secure access while helping users stay productive.