LegalSEC® - Cybersecurity - has Vendor Participation


App Authentication Gets Easier with Intune & MAM

By Maureen Blando posted 06-26-2024 13:10

  
Remember the early days of MDM (Mobile Device Management)? While widely used, the early iterations were not popular. MDM adoption still suffers from the early experience. 

We’ve come a long way from those days. Recent developments from Microsoft make authentication and data management easier for both users and for IT admins. 

Integration with the Intune SDK and Microsoft Authentication Library (MSAL) 

If you are either an Azure Entra ID user, an Intune user, or both, an MSAL integration offers a simpler experience for users and IT alike.

Fewer sign-ins for both frequent and occasional LINK users

Integrating MSAL into an app allows the app to leverage the Microsoft Authenticator as an authentication “broker.” This means employing the familiar federated sign-in process used by the Office apps from Microsoft. If you are signed in to Office, you are signed in to the app without any additional password prompts. From the security and policy perspective, the app can support your conditional access policies, including:

  • MFA requirements (either with MS Authenticator or a 3rd party such as Duo)
  • Device requirements (e.g., requiring Intune deployment)

Focused security of your data with Intune MAM policies

Integrating an app with the Intune SDK adds another layer of security and simplicity. In addition to the standard MDM policies and management tools, Intune supports a different type of policy known as Mobile Application Management (MAM). These MAM policies apply to all apps that support the Intune SDK, including the Microsoft suite of apps and 3rd party apps. Many MAM policies are particularly focused on the careful treatment of corporate data.

Apps with MAM policies can be used together to enable secure workflows. For example, MAM policies can allow an app to share a document from a Document Management System to the Word app for secure, yet uncomplicated, editing.

MAM is a great way to ensure the security of your corporate data without asking users to give up any control of their personal devices.

Illustrates the difference between Intune MDM and Intune MAM

Specific App for Intune

To add MAM support to an app, there needs to be a specific "App for Intune," approved by Microsoft and published in the App Store. The "App for Intune" adds in a deeper integration with Intune so that policies can be applied even when the device is not MDM-managed.

With these recent developments from Microsoft, we think that the optimal path going forward is:

  • Use the Microsoft Intune SDK and the Microsoft Authentication Library (MSAL) to simplify authentication
  • Advance from “managed devices” to “managed apps” using Intune MAM policies

Are you considering moving to these newer approaches? What questions or observations do you have? 

-Seth Hallem

If you have questions or want to discuss this further, please write to me using support at mobilehelix dot com. I would welcome hearing from you. 
