MDM and MAM-Describe security, compliance, privacy, and trust in Microsoft 365

Securing devices begins with their enrollment using Microsoft Intune when administrators must decide what type of management they will impose on the device. Mobile Device Management (MDM) grants the organization nearly complete control over the device, requiring the user to comply with all the enterprise policies. MDM even allows an administrator to remotely wipe the entire device if lost or stolen, ensuring that any sensitive data is not compromised further.

MDM is intended primarily for use on company-owned devices; it can be problematic to some users who might not like the idea of granting the organization such comprehensive control over their personal property. For example, MDM policies might require smartphone users to sign on with a password or use another authentication mechanism every time they use their phones—which users might find inconvenient.

The alternative is Mobile Application Management (MAM), which gives administrators control over specific applications running on a device but not the entire device itself. For example, a policy in MAM might require the users to sign in when using Microsoft Exchange to access their email, but MAM cannot require them to sign in every time they turn on their phones. MAM also enables administrators to wipe company data from the phone but only the data associated with the managed applications.

Applications

Applications are the doorways through which users access the data they need, some of which might be highly sensitive. Part of the Zero Trust initiative includes ensuring that the security capabilities built into applications are deployed, such as in-app permissions and other security-related configuration settings. Administrators should also monitor applications for unusual patterns of usage or other behavior.

However, in addition to managing the organization’s applications, IT personnel have another concern. One of the biggest issues regarding application security is company employees’ use of unauthorized applications—sometimes known as shadow IT. At one time, shadow IT mostly took the form of software on personal disks brought into the office and shared among users. Today, however, unauthorized applications are more likely to be installed from the cloud or run as a cloud service.

Any application running on a device that accesses sensitive network data is a potential threat, whether it runs in the cloud or is installed locally. Administrators should take steps to detect the presence of applications that might be dangerous to the network. The process of locating shadow IT applications is called cloud app discovery. Microsoft Defender for Cloud Apps (formerly known as Cloud App Security) is the Microsoft 365 tool that does this.

Microsoft Defender for Cloud Apps is a cloud-access security broker application that scans network resources to detect the cloud applications that users are running. It also can detect unauthorized Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) products that might be in use. The objective here is to detect cloud applications that have not been approved by the IT department and could threaten enterprise network security.

Leave a Reply

Your email address will not be published. Required fields are marked *

Search

Popular Posts

  • Summary-Describe security, compliance, privacy, and trust in Microsoft 365
    Summary-Describe security, compliance, privacy, and trust in Microsoft 365

    Thought experiment In this thought experiment, demonstrate your skills and knowledge of the topics covered in this chapter. You can find the answers to this thought experiment in the next section. Ralph is the Director of the Brooklyn datacenter at Contoso Corp. The company currently has three office buildings in the New York area with…

  • Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365
    Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365

    Arguably, the most difficult part of the risk management planning process is trying to anticipate all the possible threats that could afflict the company’s data in the future. The three basic risk factors for the data—confidentiality, integrity, and availability—can be exploited in any number of specific ways, but the general threat categories are listed in…

  • Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365
    Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365

    The third element of the digital estate that must be considered when creating a risk management plan is the people who actually access the data. Whether deliberately or inadvertently, users are a constant vulnerability—if not an actual threat—to the organization’s data. After quantifying the organization’s information assets and their value and inventorying the hardware used…

Tags

There’s no content to show here yet.