Microsoft Intune App Protection Policies demo and discussion

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey there adam brewer senior technical specialist at microsoft covering security compliance and identity and today i'd like to show you a better way to do bring your own device so let's back up a step bring your own devices the idea that you can as an employee bring your own device a device that you personally own like say your personal iphone or android device and use it to get access to company resources and most commonly mail contacts calendars and cloud storage files now usually if your company is like most companies they've said okay that's fine but you have to enroll your device first enrollment sounds kind of scary and it kind of is because it gives your company a tremendous amount of control over your device including the ability to wipe everything on it and gives them visibility into things that are potentially uncomfortable as well no it doesn't give them access to read all your text messages or view all your web browsing history but certainly there's more there than probably should be and so there's a couple of interesting things that have been happening on this front apple and google have been taking their platforms and restricting the amount of control that organizations can have on devices that don't belong to them that's a great thing and so for a lot of companies if you're in it and you're used to managing people's devices well guess what a day is going to come when you can do less and less and less than you're accustomed to that's great for users and honestly great for you too but what if there's still a better way than managing the device altogether what if we don't need to manage the device after all since most users just want mail contacts and calendars what if we could just control the app and put the controls on the app well we do that we do that today with microsoft intune in a technology called app protection policies this is a way you can deliver policy straight to an app even on a device that's unmanaged so a device can walk out of let's say the apple store and a person in your organization can download the microsoft outlook app sign in with their user id and password and hopefully mfa and start to get their email but as long as they get their email they also get some policy controls on that application maybe things that prevent things like cut copy and paste outside of corporate email or prevent attachments from moving to non-corporate resources and you can do all this without managing the device so for most people why would you ever need to manage the device answer you don't so let me show that to you right now this is intune app protection policies so here i'm in the microsoft endpoint manager portal configuring my app protection policies and i've got one already built and i'm just going to hit you with the highlights so i first pick which applications i want to target and by the way i'd like to point out that there's a ton of competitive products in here i see box cisco jabber of course all of the microsoft apps across the board let's see citrix share file tableau zoom blue jeans all sorts of competitors to microsoft support internet protection policies so truly not just a microsoft technology now i can set a whole bunch of controls on applications but i want to call out a couple of highlights i can restrict company data from only flowing to other apps that are also under policy management i can ensure that my company data is not backed up to icloud or to google i can ensure that cut copy and paste is only allowed to other policy managed apps i can set a pin for access i can set a timeout period i can set conditional launch capabilities like you must be running ios 14 you must not be jailbroken your account must not be disabled and if any of those things are true we're either going to block your access or wipe all of the data in the app a lot of the same controls you rely on through mdm you don't actually need mdm to do you can do it at just the application level and deliver that great user experience so speaking of user experience let's jump over to my iphone and show you that right now so we're off and running on my iphone here i've on my home screen and what i'm going to do first is dive into the outlook app now right when i try to sign in you notice i get prompted for my biometric for touch id this would also support face id if i had a newer iphone or i could enter my pin and you can also set requirements around when and how users can use biometric or when they have to use their pen so i'm going to scan my fingerprint here and now i'm in outlook app now one thing i want to point out to you is i have access to both my personal gmail account as well as my corporate account what i'm going to do to start is i've got a message down here from lydia that includes some budget information for the year so i'm going to go into this email with the budget for the next four quarters and i'm going to copy this to the clipboard so do a copy here now i'm going to try to open a new email and i'm going to paste that in there like you've probably done a million times paste and there it goes no problem right now if i try to switch who i'm sending the message from i get told i can't do that now of course maybe i'm really really really wanting to leak this information outside my company so i'm going to try to trick it i'm going to open a new email first then i'm going to switch my sender to my gmail account and now i'm going to try to paste that content i get told i can't do that this is multi-identity support right inside of the outlook app that knows that that organizational data can't be pasted outside of organizational context now what if i try to take this outside of outlook here i'm going to go to apple notes and i'm going to create a new note i'm going to try to paste it in here same experience because this app is not under policy management i can't open or i can't paste the content in there so now let's go back and try some of this with an attachment so i've got a proposal here from alex and i'm going to tap in that proposal and it's going to open in the the ios viewer initially but i can kick it over to the office app so i'm going to tap on open office and now the office app is going to open up now notice that i'm allowed to do this because the office app is under policy management as well as outlook so this is an allowed way i can move that attachment data right but if i had tried to let's go back to outlook here if i had tried to take that word document and send it to a not policy managed app look what happens here's my ios share sheet notice how it only shows microsoft applications other applications that also have policy applied i can't put this in google drive or icloud drive or dropbox i have to use only the applications that are under policy management by my company so it really keeps all of your company data inside of if you will pardon the name the circle of trust so let's go back to that office app where i'd open that attachment from my outlook remember how i have some content on the clipboard with that budget information let's try to paste that here in this word doc now this time the paste worked why did it work this time because this is a corporate document in a corporate context and i'm allowed to do cut copy and paste between applications provided everybody's in the circle of trust everyone's under policy management so that's a super quick demo that shows you how you can apply policy at just the application level to keep all of your company data safe while not doing the big brothery type of mdm management that honestly no longer serves your companies or your employees purposes this is a way better solution for all of those byod scenarios and i would encourage you to check out our documentation and try it out for yourself that's it that's intune app protection policies part of microsoft endpoint manager and i encourage you to try these out and if they work for you roll them out for all your byod use cases your i t department your help desk and most importantly your people will thank you thanks so much for watching like and share and i will see you next week
Info
Channel: Adam Brewer
Views: 18,834
Rating: undefined out of 5
Keywords:
Id: apHax2NvNlc
Channel Id: undefined
Length: 9min 3sec (543 seconds)
Published: Sat Nov 14 2020
Related Videos
MDM vs MAM: What’s the Difference?
JumpCloud
5.1K
BYOD apple device enrollment scenarios and demo for User enrollment and Device enrollment scenarios
AnubhavinIT
15K
Why European Businesses Kinda Suck.
TLDR Business
66K
What is Microsoft InTune?
Cloud Collective
97K
INSANE OpenAI News: GPT-4o and your own AI partner
AI Search
386K
26 Incredible Use Cases for the New GPT-4o
The AI Advantage
84K
How to set up App Protection Policies in Microsoft Intune
Harry Lowton
27K
Intune MAM vs MDM: What's the Difference?
Matt Soseman
26K
S02E27 - Configure Conditional Access & App Protection Policies for iOS in Microsoft Intune - (I.T)
Intune Training
18K
What Is Microsoft Intune? (Microsoft Endpoint Manager)
Harry Lowton
206K
Microsoft Intune MDM Training | iOS User Enrollment
T-Minus365
41K
The Dire State Of Intel...What Happened?
Logically Answered
125K
Protecting Corporate Data on iOS and Android Devices
T-Minus365
4.1K
Microsoft's New PHI-3 AI Turns Your iPhone Into an AI Superpower! (Game Changer!)
AI Revolution
44K
How Can Passkeys Possibly Be Safe?
Ask Leo!
12K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.