Monitoring App used from Personal devices

%3CLINGO-SUB%20id%3D%22lingo-sub-1553306%22%20slang%3D%22en-US%22%3EMonitoring%20App%20used%20from%20Personal%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1553306%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20can%20MCAS%20be%20used%20to%20monitor%20app%20usage%20from%20a%20personal%20device%20in%20someone's%20home%20that%20has%20never%20had%20a%20need%20to%20connect%20to%20corporate%20resources.%20That%20an%20employee%20then%20decides%20to%20use%20it%20for%20work%20purposes%20without%20telling%20anyone.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1553306%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1554677%22%20slang%3D%22en-US%22%3ERe%3A%20Monitoring%20App%20used%20from%20Personal%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1554677%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1096%22%20target%3D%22_blank%22%3E%40Dean%20Gross%3C%2FA%3E%2C%20Excellent%20question!%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Fhtml%2Fimages%2Femoticons%2Fsurprised_40x40.gif%22%20alt%3D%22%3Asuprised%3A%22%20title%3D%22%3Asuprised%3A%22%20%2F%3E%3C%2FP%3E%3CP%3EI%20might%20have%20thought%20that%20might%20get%20captured%20in%20Intune%20%26amp%3B%20Conditional%20Access%20-%20but%20would%20like%20to%20understand%20how%20this%20scenario%20would%20play%20out%20using%20*just*%20the%20MS%20Security%20tools%20from%20a%20completely%20anonymous%20device%20type%20of%20process.%20%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1581095%22%20slang%3D%22en-US%22%3ERe%3A%20Monitoring%20App%20used%20from%20Personal%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1581095%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B-ERR%3AREF-NOT-FOUND-%40Dean%20Gross%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EGiven%20that%20the%20corp%20resources%20require%20a%20sign-in%20using%2C%20for%20example%2C%20Azure%20AD%2C%20then%20the%20user's%20device%20will%20be%20taken%20into%20account%20as%20a%20risk%20factor%20for%20Conditional%20access%20-%20based%20on%20the%20policies%20set%20by%20the%20org%20the%20sign-in%20might%20fail%20and%20the%20user%20might%20be%20required%20to%20MFA%20to%20make%20sure%20he%20is%20who%20he%20claims%20to%20be.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F133930%22%20target%3D%22_blank%22%3E%40Alex%20Esibov%3C%2FA%3E%26nbsp%3Bto%20add%20additional%20comments%20if%20needed.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBoris%3C%2FP%3E%3C%2FLINGO-BODY%3E
Respected Contributor

How can MCAS be used to monitor app usage from a personal device in someone's home that has never had a need to connect to corporate resources. That an employee then decides to use it for work purposes without telling anyone. 

2 Replies

Hi @Dean Gross, Excellent question! :suprised:

I might have thought that might get captured in Intune & Conditional Access - but would like to understand how this scenario would play out using *just* the MS Security tools from a completely anonymous device type of process.  

Hi @Dean Gross 

 

Given that the corp resources require a sign-in using, for example, Azure AD, then the user's device will be taken into account as a risk factor for Conditional access - based on the policies set by the org the sign-in might fail and the user might be required to MFA to make sure he is who he claims to be.

@Alex Esibov to add additional comments if needed.

 

Boris