Mobility Part 2: Implementing Mobile Device Management


Time: 6 hours 59 minutes
Difficulty: Intermediate
CEU/CPE: 7
Video Transcription
00:00
Welcome back, security-minded Cybrarians, to the M365 Security Administration course.
00:06
I'm your instructor, Jim Daniels.
00:08
We're still in Module 3, M365 Threat Protection.
00:12
Lesson four, mobility,
00:14
but we are going to look at mobile device management
00:19
Upon completion of this video lesson,
00:21
I have the extreme confidence that you will know how to compare MDM for Office 365 and Intune,
00:29
configure policy settings for mobile devices,
00:31
and describe conditional access and how it's used in MDM.
00:37
Mobile device management. MDM is an industry standard for managing mobile devices such as smartphones, tablets, laptops, even desktops.
00:46
MDM is implemented by using an MDM authority and MDM clients.
00:53
Microsoft offers two MDM authority solutions: Intune
00:57
and MDM for Office 365.
01:00
I will go ahead and say
01:02
Intune is currently in a phase to be renamed into
01:07
Endpoint Manager.
01:10
So where you see Intune here, by the time you look at this video it may actually say Endpoint Manager. So Intune, Endpoint Manager,
01:18
they are blurring together, and it's gonna be the same thing.
01:22
All right,
01:23
so let's look at the comparison between Office 365 MDM and Intune MDM.
01:30
Office 365 MDM: that comes when you have a 365 tenant.
01:34
that allows for basic
01:38
configuration and basic O365-related actions. You can detect if something's jailbroken.
01:45
You can remove Office 365 application data from mobile devices to selectively wipe corporate data. Prevent access to email and documents based on enrollment compliance policies. You do have some tools,
02:00
but for enterprise-level MDM, you definitely want to move up to something like Microsoft Intune.
02:07
MDM policies and profiles are groups of settings that control features on mobile devices.
02:13
When you create policies or profiles, you deploy them by assigning them to groups.
02:17
In MDM for O365, you could manage the following mobile device settings:
02:23
organization-wide device access settings and device security policies.
02:28
In Intune, you manage these additional settings. So those plus these:
02:35
device enrollment restrictions,
02:37
device compliance policies, device configuration policies, conditional access and software updates.
02:45
Conditional access with Intune.
02:46
conditional access. We talked about it previously.
02:50
It provides granular access
02:52
to keep your corporate data secure while giving users an experience that allows them to do their best work from any device
02:59
and from any location.
03:00
Conditions can be defined that gate access to your data
03:05
based on location,
03:07
device state, or application sensitivity.
03:10
We referred to those as signals previously
03:14
within Azure AD.
03:15
Conditional access for any application with a set of conditions
03:20
Intune adds device compliance and mobile application management into that.
03:25
The Microsoft Cloud App Proxy
03:29
extends
03:30
Azure Active Directory conditional access to legacy SSO.
03:35
O365 conditional access is an application-level implementation to enforce service data access
03:39
and location restrictions.
03:43
Microsoft Cloud Application Access Session Proxy
03:46
is an inline implementation to enforce device data access and location restrictions.
03:53
Conditional access in Azure Active Directory
03:57
is included with your Azure Active Directory Premium license, P1 or P2,
04:02
so because it is Azure Active Directory Premium, that's of course P1 or P2. But you also get it within any of the Enterprise Mobility + Security suites
04:13
as well as the M365 suites.
04:16
Here we look at kind of the flow of how conditional access works. On the left side, these are signals, so we have memberships of groups, there's device compliance.
04:28
There's application. Have a policy types of it.
04:30
What kind of client is it? Is that mobile? Is it a risk client?
04:34
Location: geofence, is it a trusted range, is that untrusted?
04:39
Risk
04:41
All these signals go into your policy, and you can
04:44
allow access based on the signals, block access based on the signals,
04:48
or enforce multi-factor authentication.
04:51
And then after that, they have access to what is protected
04:56
and triggered from
04:59
Office 365 and Azure.
05:01
All right, let's take a look at some of the common conditional access usage with Intune.
05:09
Network access control:
05:11
Intune integrates with partners to provide access controls based on enrollment and device compliance state.
05:17
Device risk: Intune partners with mobile threat defense vendors that provide a security solution to detect threats. So the device risk
05:27
is a continuously calculated score based on various components. It could be your account.
05:33
If it is an anomaly request for something you never request. It could be location.
05:40
Impossible travel things of that nature.
05:43
BYOD PCs:
05:45
Workplace join and Intune management:
05:47
users can join their personal devices to access corporate resources and services.
05:54
Application-based: Intune and Azure AD work together to make sure only managed apps can access corporate email or other O365 services.
06:04
So for corporate owned PCs,
06:06
you can have two different options. Hybrid Azure AD join:
06:10
this is for organizations that are comfortable with how they're already managing their PCs on-prem.
06:16
You can also do Azure AD domain join and Intune management. This scenario is for organizations who will be cloud-first or cloud-only.
06:25
To set up Microsoft Intune for device management, you have to configure the MDM authority by selecting one of three options:
06:31
Intune MDM authority,
06:33
Config Manager MDM authority, or None.
06:38
After you set your MDM authority to Intune,
06:41
where you activate your mobile device management service and Intune for 365,
06:45
you perform some additional tasks before you can start to enroll and manage devices.
06:50
Some of the tasks required to deploy MDM:
06:54
You configure your domains for MDM.
06:56
You configure all of your APNs certs for iOS devices,
07:00
you set up MFA,
07:02
and you need to manage
07:03
device security policies
07:06
If you want to enable users to enroll their Windows 10 devices in Intune MDM
07:12
by using autodiscovery, you have to add a DNS record to that domain's DNS zone.
07:17
If your company is using Azure AD Premium, you can integrate Azure AD with Intune;
07:23
you configure automatic MDM enrollment.
07:26
CNAME alias records.
07:29
Here's where you have enterpriseenrollment.manage.microsoft.com
07:32
and enterpriseregistration.windows.net.
07:35
We have this set up in our environment
07:39
to where, as soon as a user gets a new machine,
07:43
they will again
07:44
it automatically season
07:46
and that automatically enrolls them into Intune.
07:49
Configure an APNs certificate for iOS devices.
07:54
If you are managing iPad, iPhone and Mac devices by using MDM, you need an Apple Push Notification cert to communicate securely with these devices.
08:03
After you add the cert to Intune or 365, your users can enroll their devices by using either
08:09
the Company Portal app
08:11
or Apple's bulk enrollment methods, such as Device Enrollment Program (DEP),
08:16
or Apple School Manager, or Apple
08:20
Configurator.
08:22
By default, the Apple Push Notification cert is valid for one year. You have to renew it.
08:28
if it does expire before you renew it,
08:31
your enrollment of future iOS devices will fail until that cert is valid.
08:39
Security policies can be implemented by configuring device config profiles, device compliance policies, and conditional access policies.
08:46
Intune enables you to create and deploy different types of device configuration,
08:50
including device restrictions, endpoint protection, and Defender ATP policies.
08:56
A device compliance policy specifies the device configuration that must be met for the device to be considered compliant.
09:05
Conditional access policies enable you to control access to these applications and resources
09:11
only if prereqs are met.
09:15
By default, users are allowed to enroll all supported device types into Intune.
09:20
Enrollment restrictions can be configured using the following criteria:
09:24
maximum number of devices a user can enroll,
09:28
device platforms,
09:30
required OS version, and restriction of personally owned devices.
09:35
So you guys will go in and set up your
09:37
corporate device enrollment policy.
09:41
If you don't want your devices enrolled,
09:45
you don't have to allow it. You just don't allow and block them right from here.
09:50
Quiz
09:52
By default, the APNs Apple Push Notification cert is valid for one year.
09:56
huh?
09:56
Well, that's
09:58
we just talked about it.
10:01
The answer is true.
10:01
Valid for one year.
10:03
if it expires and you don't update it
10:07
on
10:07
registration attempts for Intune from that point forward will not be successful.
10:13
To recap today's lesson: MDM is an industry standard for managing mobile devices such as smartphones, tablets, laptops and even desktops.
10:22
MDM policies and profiles are groups of settings that control features on mobile devices.
10:28
Conditional access provides granular access control
10:31
to help keep your corporate data secure
10:35
while giving users an experience that allows them to do their best work
10:39
from any device
10:39
and from any location.
10:43
Thank you for joining me. I hope to see you for the next lesson. Take care.