How do you securely manage both company-owned and personally-owned devices in your business?
If you’re a Microsoft 365 user, Microsoft InTune can benefit your business.
However, it is essential to know how InTune works before we begin.
I want you to cast your mind back 10, 15 or even 20 years ago and think about how things used to work. All businesses used to have servers physically within their business. Those servers were used for all your IT services, such as email, files and folders, and applications. Only executives or managers worked outside of the office. They used remote access to the company data through a dial-up remote access connection via a big bulky laptop.
Everything was tied to your office when it came to IT. All the security was focused in one place and was much more straightforward. You just needed a bit of antivirus and a nice-looking firewall, and that was done.
Then the cloud came along.
Cloud computing meant that we were no longer tied to the traditional office workspace; massive servers within the office were no longer necessary. We could work from anywhere, at any time, on any device. Businesses became a lot more flexible, and the benefits were undeniable.
But as Incredible opportunities opened up, so did the chance of cybercrime.
Once the boundaries of the server and office walls melted away, the data became exposed to numerous threats.
So, in today’s golden age of cloud computing, we want people to have the benefits and keep businesses safe and secure.
This is where Microsoft Intune can help your business protect company-owned and personal devices, so freelancers and employees are covered by conditional access. We’ll also talk about the feature of autopilot.
Licences
The first thing that we need to look at is how to get InTune. You must have the correct Microsoft 365 licence, or you won’t have any access.
We always recommend that clients get the Business Premium licence which includes InTune. InTune is also available in the enterprise version of Microsoft 365, such as Microsoft 365 E4 and E5.
Business Benefits
Company Owned Devices
As a business, you will own some PCs or Laptops. You might have all these devices in one office, or some employees work from home or even from different countries. You are making sure that at all times may seem daunting.
One of the ways you can ensure that your data is secure is by providing BitLocker enabled. This will encrypt your hard drive so that your data cannot be accessed if lost or stolen.
Ensuring that each device has Antivirus software installed can also protect your data by preventing viruses from getting on devices. InTune can assist with this because you can set up rules that each device has to follow to set up your data. E.g. every device will be labelled as non-compliant. You can then block the device from accessing your data.
Personally Owned Devices
Within the modern working world, we don’t only use employees on our payroll; we also use sub-contractors and freelancers.
This means they don’t use your business’s devices; many use their own. Employees also sometimes use their own devices when working from home.
In both of these examples, they’ll need securely access to the company data.
InTune can help by using MAM, Mobile Application Management and windows information protection.
Let’s give an example. Imagine a freelancer working for you, but you still need to supply them with a company laptop. They have got to use their personal laptop.
Installed applications such as Spotify, Evernote, and even games such as Minecraft are installed on their laptops. None of these has anything to do with your business.
With Microsoft InTune, create a policy which essentially publishes your company application and data onto the user’s professional laptop. It effectively forms a boundary.
On one side, there are applications unrelated to the business, and on the other, there is company data.
This means they can work on your company applications and access your stay within that boundary but cannot copy a document or file out of your SharePoint onto their laptop. The data is also encrypted and easy to wipe from the computer.
Mobile Phones
The Third benefit of Microsoft InTune is for employees who want to access their work data or emails on their devices, such as Mobile phones.
How many people in your business have personal smartphones and your company applications installed on them?
Lots of businesses do not usually give this a second thought. However, these devices are controlled by the people who have access to your data 24/7.
As a business owner, you must keep your data secure.
The first obvious step would be not to allow employees the data on their phones. However, sometimes this isn’t practical. Sometimes it can assist employees’ productivity and keep them on top of the work.
So what do you think you could do?
The last thing you want to have to do is buy each employee a smartphone.
It’s probably no surprise that the answer is: InTune.
You can create policies for smartphones that make up rules that the devices must follow to access your data.
For example, one rule could be that iPhones have the minimum software version running. This is a crucial control of the Cyber Essentials Framework.
Another rule you could have dictates if someone wants email on their phone, They must have a 6-character pin on their iPhone.
Those are just two examples, but you can go into detail.
Another excellent benefit is remotely wiping the device of all your company applications without touching their items.
Conditional access
What is conditional access?
When explaining what conditional access is, it helps to use an analogy.
Imagine you turn up one night at a nightclub.
The nightclub has two conditional access policies: you must have a ticket, and you cannot wear jeans.
So, if you’ve got a ticket, but you’re wearing jeans, you’re not getting in, and visa versa.
You need all conditions of access to get in.
Do you know how you work within Microsoft 365?
You could set a policy stating that anyone accessing the data must have a multifactor authenticator enabled and be within the UK.
AutoPilot
The last excellent feature that I will discuss is AutoPilot.
Autopilot simplifies the set-up of new devices with your business.
With windows autopilot, one of your users could box a new laptop, switch it on, and it will ask for your Microsoft 365 password and username.
They’ll enter their Microsoft 365 details, and the device will configure itself.
It will install every application you need, including settings and security configurations. Obviously, as an IT company, we absolutely love using this feature. However, it is massively beneficial to any staff who work remotely as well as end users, as it allows you to fully set up a new device in minutes.
As you can clearly tell, Microsoft InTune is an extremely beneficial tool for you and your business to use.