
Simplify user adoption and increase data security with Microsoft Intune

Simplify user adoption and increase data security with Microsoft Intune. Neil Johnson – Senior Program Manager; Matt Shadbolt – Senior Program Manager (@ConfigMgrDogs). BRK3005. Agenda: Introduction to Intune App Protection Policies (APP); APP with Exchange On-premises; Troubleshooting APP.


Presentation Transcript


  1. Simplify user adoption and increase data security with Microsoft Intune
     Neil Johnson – Senior Program Manager
     Matt Shadbolt – Senior Program Manager (@ConfigMgrDogs)
     BRK3005

  2. Agenda
     • Introduction to Intune App Protection Policies (APP)
     • APP with Exchange On-premises
     • Troubleshooting APP
     • New Features in Intune App Protection
     • Q&A if we have time

  3. Introduction to Intune App Protection Policies (APP)

  4. Introduction to Intune App Protection Policies (APP)
     APP policies
     Familiar Office experience
     • Seamless “enrollment” into app management
     • Use for personal and corporate accounts
     Comprehensive protection
     • App encryption at rest
     • App access control – PIN or credentials
     • Save as/copy/paste restrictions
     • App-level selective wipe
     MDM mgmt. by Intune or third-party is optional
     Might be a good solution for these scenarios:
     • BYOD when MDM is not required
     • Extending app access to vendors and partners
     • Already have an existing MDM solution
     [Diagram labels: Corporate apps; MDM – optional (Intune or 3rd-party); Personal apps; MDM policies]

  5. Introduction to Intune App Protection Policies (APP)
     [Diagram: app lifecycle stages Add, Deploy, Configure, Protect, Retire, compared for MDM and APP. Labels: SDK; APK; IPA; Managed vs Unmanaged; Required vs Available; XML; Key/Value Pairs]

  6. Enabling App Protection Policies in LOB apps
     • Intune App SDK Xamarin Bindings
       • APP functionality for Android and iOS apps built with Xamarin and Xamarin.Forms
       • For store & LOB apps
     • Intune App SDK
       • Full APP feature functionality
       • For store & LOB apps
     • App Wrapping Tool
       • Simple cmd-line tool
       • No code changes
       • For LOB apps (we have seen it used for store apps with some caveats)

  7. Demo

  8. Protecting Exchange On-premises with Outlook and APP

  9. Outlook and Exchange On-premises: State of the Nation
     The Old World…
     • Legacy issues were related to basic authN and re-use of DeviceID, which broke on-premises conditional access
     • APP SDK needs an ADAL token to establish identity
     • We couldn’t use APP policies or CA with Outlook
     The New World…
     • Exchange now has Hybrid Modern Auth
     • It uses Azure AD and ADAL for identity, which removes the cached Device ID problem and gives us an identity to use in the APP SDK

  10. Cloud and On-premises
      • Unlocks Mobile application management and conditional access policies for all customers
      • Enables Outlook cloud backed features for Exchange Online and Exchange server
      • Drives authentication and authorization methods
      [Diagram labels: Outlook; Device API; REST; Stateless protocol translator (Azure); Hybrid Modern Authentication; Exchange Online; Office 365 mailboxes; Synchronized Data; Hybrid Relationship; EAS; Exchange Server]

  11. Protecting On-premises with APP (Demo)

  12. On-premises HMA specifics
      Requirements
      • Office 365 Pro Plus licenses
      • Full hybrid relationship with Exchange Online with full directory synchronization
      • Autodiscover and EAS endpoints Internet accessible anonymously
      • Exchange 2013 CU19+ or Exchange 2016 CU8+
      • Exchange 2010 is not supported in the environment
      Hybrid Tenant
      • Synchronized on-premises data is stored within the tenant
      • Provides GAL search
      • Provides most capabilities like geographical boundary support, Service Encryption with Customer Key
      Data synchronization
      • Four weeks of mail data (not configurable)
      • Out of Office settings
      • All calendar data
      • All contacts data
      • Pass-through search

  13. Troubleshooting Intune App Protection Policies

  14. Troubleshooting APP - Requirements
      • Company Portal required on Android devices, even if not enrolled with Intune
      • Azure Authenticator app required on iOS when APP Conditional Access is configured
      • Identity must be the same across all managed apps on the same device
      • Application must authenticate end users with AAD via ADAL
      • Deploy App Configuration Policy ‘IntuneMAMUPN’ with value = {{UserPrincipalName}} for each combination of apps
      • Requires Intune License

  15. APP First Check-in
      • User launches LOB app
      • AAD Authentication & token transfer
      • Intune SDK looks up user account location (scale unit)
      • Intune SDK registers user + app, returns an APP token
      • Intune SDK queries for policy using APP token
      • APP policy is delivered to the app
      • Intune SDK enforces settings based on policy: ContactSyncDisabled = 1, ClipboardSharingLevel = 3, DeviceComplianceEnabled = 1
      [Diagram labels: LOB; LOCATION SERVICE; APP SERVICE; Microsoft Intune]

  16. Troubleshooting APP – Policy Refresh
      • Apps check in to the APP service every 30 minutes
      • 30 minute threshold is based on a timer
        • If the app is active at 30 minutes it’ll check in at 30 minutes
        • If the app is sleeping at 30 minutes it’ll check in on next focus
      • If there’s no policy assigned to a user, check-in will occur every 8 hours
      • If no Intune license is assigned, check-in will occur every 24 hours

  17. Troubleshooting APP - Tools
      • Troubleshooting Portal
      • about:intunehelp
      • APP report
      • Logs

  18. APP Troubleshooting Demo

  19. New Features in Intune App Protection

  20. New Features in Intune App Protection
      • Edge browser for iOS and Android
        • Intune Managed Browser APP parity
        • Multi-user support
        • SSO
        • High user rating
      Related session: BRK3006 - Defend against mobile threats and increase user productivity with Intune-managed Edge browser

  21. New Features in Intune App Protection
      • Protocol exceptions for data transfer
        • Allows data to transfer to unmanaged apps
        • For iOS this means URL protocol exceptions (tel://)
        • For Android this means package name exceptions (com.android.app)
      • iOS Examples
        • tel; telprompt
        • skype
        • calshow, maps
      • Android Examples
        • com.android.phone
        • com.google.android.apps.messaging, com.android.mms, com.samsung.android.messaging

  22. New Features in Intune App Protection
      • App Protection based on management state
        • Different APP settings based on enrolled vs unenrolled
        • User could have one or the other, or both
      • Scenario
        • Intune MDM enrolled devices get fewer restrictions
        • Non-MDM enrolled devices get more restrictions
      • Need to use the IntuneMAMUPN app config for apps
      • Need to use the IntuneMAMDeviceID app config for LOB apps

  23. New Features in Intune App Protection
      • Conditional Launch changes
      • Conditions checked on app launch
        • Max PIN attempts
        • Jailbreak detection
        • Min OS/app/SDK version
        • Device model for iOS
        • Device manufacturer for Android
      • Actions performed on non-compliance
        • Warn
        • Block
        • Wipe

  24. Q&A

  25. Please evaluate this session. Your feedback is important to us!
      • From your PC or Tablet visit MyIgnite at http://myignite.microsoft.com
      • From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting https://aka.ms/ignite.mobileapp
