Today, Microsoft announced an exciting new capability providing additional benefits to users of apps protected by Microsoft Intune app protection policies. You can read the official announcement here. Zimperium device risk-based evaluation is now integrated with Microsoft Intune for protected apps on non-enrolled devices to add another layer of protection for corporate data in bring-your-own-device (BYOD) scenarios.
Microsoft Intune app protection
Both Microsoft and third-party developers use the Microsoft Intune App SDK to embed security and conditional access into their mobile apps. For example, Microsoft Outlook and OneDrive are enabled for Intune app protection policies, as are apps like Adobe Acrobat.
After developers integrate the Intune App SDK into their app, IT administrators within an organization set policies in Intune to add security. Examples include requiring users to sign in to the app or preventing data loss by not allowing users to copy and paste data out of the Intune-protected app to unprotected apps. This allows organizations to get security benefits at the application level, without enrolling the entire device with Intune.
While Intune has provided conditional access to apps on unenrolled devices for years, the new device risk-based evaluation for Microsoft Intune protected apps on non-enrolled devices enables mobile threat defense (MTD) apps like Zimperium zIPS to notify Intune about the risk posture of the device based on detected mobile threats at app launch. Armed with that information, Intune can block a user’s access to the protected app or wipe any local app data off the device until the threat is remediated.
Zimperium zIPS & Microsoft Intune app protection policies
As one of the partners that helped drive requirements for device risk-based evaluation for Microsoft Intune protected apps on non-enrolled devices, Zimperium is excited to help Microsoft Intune customers protect BYOD users and other corporate initiatives.
With Zimperium zIPS and Microsoft Intune, users are protected from attacks in several ways, including:
- When users try to access Intune-protected apps, their access is blocked until zIPS is installed.
- Once zIPS is installed, whenever a threat is detected, zIPS will provide the user with instructions on how to remediate the issue and send the appropriate device risk posture to Intune. If the risk posture is “high”, for example, the app may block a user’s access to the MAM-enabled app or wipe any local app data off the device.
- Once the issue is remediated, the user’s access to the app is restored.
Zimperium zIPS (and its management console, zConsole) brings a host of capabilities and advantages to the new Microsoft Intune integration: