Michael Bowman, Tarun Chopra
Protect your mobile apps with Modern Authentication and Microsoft Intune
Objectives
Stay innovative
Collaborate
Protect data
Work anywhere
Manage access
Employee/end user/IW goals
IT goals
Easy access
How do you empower users while protecting your most important assets?
Compromised Credentials
Compromised Devices
Separate and Contain Company Data
3 big mobile challenges
Strong authentication
6k 63% 80%
99.9%
Multi-Factor Authentication
• Successful authentication (username/password)
• Additional verification using a phone or mobile device
• Easy to configure
• Prevent unauthorized access by requiring another layer of security
Configuring Multi-Factor Authentication
Corporate Network
Geo-location
MacOS
Android
iOS
Windows
Windows Defender ATP
Client apps
Browser apps
Google ID
MSA
Azure AD
ADFS
Employee & Partner Users and Roles
Trusted & Compliant Devices
Location
Client apps & Auth Method
Conditions
Microsoft Cloud App Security
Force password reset
Require MFA
Allow/block access
Terms of Use
Limited access
Controls
Machine learning
Policies
Real time Evaluation Engine
Session Risk
3
40TB
Effective policy
Conditional Access
Enable Modern Auth Support in your Code
• Reach over 1 billion users using one sign in experience
• Securely access user data in any API (e.g. Microsoft Graph)
• Comply with IT policies like device compliance, IT will love you
ADAL SDK Azure Active Directory Authentication Library
• Gives your application access to Microsoft Azure AD capabilities: SSO, MFA support, Conditional Access support…
• Enables support for OAuth2, Web API integration with user level consent, two-factor authentication support…
• Free and Open Source Software / Cross-platform
MSAL SDK Microsoft Authentication Library
• Provides a unified developer experience for apps which want to sign in both users with Azure AD accounts (work and school) and personal Microsoft Accounts.
• Currently in preview for Android and iOS
Microsoft Authentication Libraries (MSAL)
Generally available:
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-libraries
Protect your data on virtually any device with Intune
Enroll devices for management
Provision settings, certs, profiles
Report & measure device compliance
Remove corporate data from devices
Publish mobile apps to users
Configure and update apps
Report app inventory & usage
Secure & remove corporate data within mobile apps
Mobile Application Management (MAM)
Conditional Access: Restrict which apps can be used to access email or files
Mobile Device Management (MDM)
Conditional Access: Restrict access to managed and compliant devices
Device management options allow:
• Configuration of WiFi/VPN profiles
• Deployment of applications (e.g. LOB or antivirus)
• Remote device wipe
• …
Compliance enforcement includes:
• PIN enforcement on the device
• Device-level encryption
• Block Jailbroken/Rooted devices
• Minimum OS version
• …
IT policies are applied at the app level:
• PIN enforcement
• App-level encryption
• Jailbroken/Rooted device detection
• Multi-Identity Support
• Copy/Paste/Save
• …
App Protection Policies
Intune SDK
App Wrapping Tool
Intune SDK
• Intune SDK enables App Protection Policies (APP)
• Protect and separate corporate apps, data and identities from personal
• Built into Microsoft Office, Edge, and productivity apps
• Built into some 3rd party apps
• You can enable APP in your organization's own apps
• Simple cmd-line tool
• No code changes!
• For LOB apps (can also be used for Store apps with some caveats)
• Full feature functionality
• For Store & LOB apps
In Summary
Enable MFA
Solve modern workplace security challenges with conditional access and app protection policies
Simple, easy to use libraries are available for your custom applications
References
• Prepare line-of-business apps for app protection policies
https://docs.microsoft.com/en-us/intune/apps-prepare-mobile-application-management#feature-comparison
• Intune App SDK Sample
https://github.com/msintuneappsdk/Taskr-Sample-Intune-Android-App
• How to create and assign app protection policies
https://docs.microsoft.com/en-us/intune/app-protection-policies
Provide a consistent and predictable customer experience across Office 365 services, applications and platforms, for key enterprise requirements.
Best productivity and security
• no matter which app you’re using
• no matter which platform you’re on
150M Devices managed by ConfigMgr & Intune
1.1B Azure Active Directory Identities
700M Windows 10 PCs
450B Authentications per month
135M Office 365 MAU