How Microsoft Intune and Conditional Access Keep Endpoints Secure

by Neal Zimmerman

Whether it’s to reduce risk, lower cost, or increase productivity, it’s safe to assume that by this point your firm is operating in the public cloud—at least to some extent. (If not, let’s have a separate conversation.) And while we commend you for completing your migration, it’s our job as your Microsoft 365 partner to ensure your workforce is operating safely, smartly, and securely.

As the line between home and work continues to blur, more and more clients are coming to Agio to help architect their company-owned and bring-your-own (BYO) device policies. One of the most efficient and effective ways to do this is by leveraging Intune, Microsoft’s integrated endpoint management platform.  

What is Microsoft Intune?

Microsoft Intune keeps Microsoft 365 users productive and protected. The platform consists of features and policies that help firms manage and safeguard the growing list of company-owned and BYO devices used by employees. These features include:

  1. Windows 10 provisioning 
  2. Mobile ecosystem management 
  3. Office 365 application management 
  4. Conditional access 

We like to think of it this way: If an employee’s device is the canvas, then Microsoft Intune is the brush, and the policies are the paint. Firms entrust Agio to use the brush (Intune) to apply paint (policies) to their canvases (devices). 

As more and more firms plan to work from anywhere for the long haul, IT leaders are leaning on Agio to “paint” their device policies and ultimately secure corporate data. 

How Firms Leverage Conditional Access

One of Intune’s key features, conditional access, proactively reduces risk in your environment by allowing you to define and enforce who can access company data, devices and apps, and under what specific conditions.  

Many commonly used conditional access policies are device-based, meaning only managed and compliant devices can access email, Microsoft 365 services, Software as a Service (SaaS) apps, and on-premises apps. These device-based policies can include, but are not limited to:

  • Device encryption 
  • Password requirements 
  • Lock screen/session timeout length 
  • Jailbreak detection 
  • Maximum/minimum OS version 

Conditional access can also be location- or network-based, meaning employees can only access company data from within an approved corporate network. Taken a step further, users can be allowed or denied access to corporate Wi-Fi or VPN resources based on whether the device they’re using is managed and compliant with Intune device compliance policies.

Why Clients Depend on Agio’s Expertise

Because of their complex nature, Microsoft Intune and conditional access policies can be risky for firms to configure and manage without the support of an experienced partner. One misstep—such as implementing too many policies before fully understanding how they interact with each other—can put firms in quicksand, so to speak. Once you start sinking, it can become difficult to pull yourself out.  

For over a decade, Agio has been keeping organizations out of quicksand. As a Microsoft Gold Partner, we work with the Microsoft FastTrack program to help our clients onboard and adopt the cloud services included in their paid subscription.  

Give us a call as you plan for 2021 and the evolution of your work-from-home strategy and device policies. We’re here to help.