Whether it’s to reduce risk, lower cost, or increase productivity, it’s safe to assume that by this point your firm is operating in the public cloud, at least to some extent. (If not, let’s have a separate conversation.) And while we commend you for completing your migration, it’s our job as your Microsoft 365 partner to ensure your workforce is operating safely, smartly, and securely.

With the lines between home and work continuing to blur, more and more clients are coming to Agio to help architect their company-owned and bring-your-own (BYO) device policies. One of the most efficient and effective ways to do this is by leveraging Intune, Microsoft’s integrated endpoint management platform.



What is Microsoft Intune?

Microsoft Intune keeps Microsoft 365 users productive and protected. The platform is comprised of features and policies that help firms manage and safeguard the growing list of company-owned and BYO-devices used by employees. These features include:

  1. Windows 10 provisioning
  2. Mobile ecosystem management
  3. Office 365 application management
  4. Intune conditional access

We like to think of it this way: If an employee’s device is the canvas, then Microsoft Intune is the brush, and the policies are the paint. Firms entrust Agio to use the brush (Intune) to apply paint (policies) to their canvases (devices).

As more and more firms plan to work from anywhere for the long haul, IT leaders are leaning on Agio to “paint” their device policies and ultimately secure corporate data.


How Firms Leverage Conditional Access

One of Intune’s key features, conditional access, proactively reduces risk in your environment by allowing you to define and enforce who can access company data, devices and apps, and under what specific conditions.

Many commonly used conditional access policies are device-based, meaning only managed and compliant devices can access email, Microsoft 365 services, Software as a Service (SaaS) apps, and on-premises apps. These device-based policies can include, but are not limited to:

  • Device encryption
  • Password requirements
  • Lock screen/session timeout length
  • Jailbreak detection
  • Maximum/minimum OS version


Conditional access can also be location or network-based, meaning employees can only access company data from within an approved corporate network. Taken a step further, users can be allowed or denied access to corporate Wi-Fi or VPN resources based on whether the device they’re using is managed and compliant with Intune device compliance policies.


Why Clients Depend on Agio’s Expertise

Because of their complex nature, Microsoft Intune and conditional access policies can be risky for firms to configure and manage without the support of an experienced partner. One misstep, such as implementing too many policies before fully understanding how they interact with each other, can put firms in quicksand, so to speak. Once you start sinking, it can become difficult to pull yourself out.


For over a decade, Agio has been keeping organizations out of quicksand. As a Microsoft Gold Partner, we work with the Microsoft FastTrack program to help our clients onboard and adopt the cloud services included in their paid subscription.

Give us a call as you evolve your organization’s work-from-home strategy and device policies. We’re here to help.
