Protect your mobile apps with Modern Authentication and Microsoft Intune Authentication and...


  • Date posted: 15-Jul-2020

  • Category: Documents


  • Michael Bowman, Tarun Chopra

    Protect your mobile apps with Modern Authentication and Microsoft Intune

  • Objectives

  • Stay innovative

    Collaborate

    Protect data

    Work anywhere

    Manage access

    Employee/end user/IW goals

    IT goals

    Easy access

    How do you empower users while protecting your most important assets?

  • 3 big mobile challenges

    • Compromised Credentials

    • Compromised Devices

    • Separate and Contain Company Data

  • Strong authentication

    6k 63% 80%

    99.9%

  • Multi-Factor Authentication

    • Successful authentication (username/password)

    • Additional verification using a phone or mobile device

    • Easy to configure

    • Prevent unauthorized access by requiring another layer of security

  • Configuring Multi-Factor Authentication

  • [Diagram labels]

    Signals: Corporate Network; Geo-location; MacOS; Android; iOS; Windows; Windows Defender ATP; Client apps; Browser apps; Google ID; MSA; Azure AD; ADFS; Microsoft Cloud App Security

    Conditions: Employee & Partner Users and Roles; Trusted & Compliant Devices; Location; Client apps & Auth Method

    Controls: Force password reset; Require MFA; Allow/block access; Terms of Use; Limited access

    Other labels: Machine learning; Policies; Real time Evaluation Engine; Session Risk; 3; 40TB; Effective policy

  • Conditional Access

  • Enable Modern Auth Support in your Code

    • Reach over 1 billion users using one sign-in experience

    • Securely access user data in any API (e.g. Microsoft Graph)

    • Comply with IT policies like device compliance; IT will love you

    ADAL SDK: Azure Active Directory Authentication Library

    • Gives your application access to Microsoft Azure AD capabilities: SSO, MFA support, Conditional Access support…

    • Enables support for OAuth2, Web API integration with user-level consent, two-factor authentication support…

    • Free and Open Source Software / Cross-platform

    MSAL SDK: Microsoft Authentication Library

    • Provides a unified developer experience for apps that want to sign in both users with Azure AD accounts (work and school) and personal Microsoft Accounts.

    • Currently in preview for Android and iOS

  • Microsoft Authentication Libraries (MSAL)

    Generally available:

    https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-libraries


  • 3 big mobile challenges

    • Compromised Credentials

    • Compromised Devices

    • Separate and Contain Company Data

  • Protect your data on virtually any device with Intune

    Enroll devices for management

    Provision settings, certs, profiles

    Report & measure device compliance

    Remove corporate data from devices

    Publish mobile apps to users

    Configure and update apps

    Report app inventory & usage

    Secure & remove corporate data within mobile apps

    Mobile Application Management (MAM)

    Conditional Access: Restrict which apps can be used to access email or files

    Mobile Device Management (MDM)

    Conditional Access: Restrict access to managed and compliant devices

    Device management options allow:

    • Configuration of WiFi/VPN profiles

    • Deployment of applications (e.g. LOB or antivirus)

    • Remote device wipe

    • …

    Compliance enforcement includes:

    • PIN enforcement on the device

    • Device-level encryption

    • Block Jailbroken/Rooted devices

    • Minimum OS version

    • …

    IT policies are applied at the app level:

    • PIN enforcement

    • App-level encryption

    • Jailbroken/Rooted device detection

    • Multi-Identity Support

    • Copy/Paste/Save

    • …

  • App Protection Policies

  • Intune SDK

    • Intune SDK enables App Protection Policies (APP)

    • Protect and separate corporate apps, data and identities from personal

    • Built into Microsoft Office, Edge, and productivity apps

    • Built into some 3rd party apps

    • You can enable APP in your organization's own apps

    App Wrapping Tool

    • Simple cmd-line tool

    • No code changes!

    • For LOB apps (can also be used for Store apps with some caveats)

    Intune SDK

    • Full feature functionality

    • For Store & LOB apps

  • In Summary

    • Enable MFA

    • Solve modern workplace security challenges with conditional access and app protection policies

    • Simple, easy-to-use libraries are available for your custom applications

  • References

    • Prepare line-of-business apps for app protection policies

    https://docs.microsoft.com/en-us/intune/apps-prepare-mobile-application-management#feature-comparison

    • Intune App SDK Sample

    https://github.com/msintuneappsdk/Taskr-Sample-Intune-Android-App

    • How to create and assign app protection policies

    https://docs.microsoft.com/en-us/intune/app-protection-policies

  • Provide a consistent and predictable customer experience across Office 365 services, applications and platforms, for key enterprise requirements.

    Best productivity and security

    • no matter which app you’re using

    • no matter which platform you’re on

  • 150M Devices managed by ConfigMgr & Intune

    1.1B Azure Active Directory Identities

    700M Windows 10 PCs

    450B Authentications per month

    135M Office 365 MAU