The day the first person took a smartphone to work, BYOD (bring your own device) was born. Soon after that, IT rolled out the first Mobile Device Management (MDM) application.
From an innocent beginning, a complex IT infrastructure has emerged around mobile devices, operating systems and apps, along with the network and the server applications they must communicate with on the back end. Enabling users to access data and applications securely has become something of a high-wire act.
Meanwhile, the cloud revolution has further changed the way people use their mobile devices and the way IT manages them. Today, BYOD devices – typically iOS, Android and Windows Phone – are accessing a host of cloud-based productivity applications like Office 365.
No surprise, then, that Microsoft has incorporated many of the necessary MDM functions in Office 365. These features perform three main tasks:
Conditional Access: The smartphones and tablets may be personal, but the permission to connect to email and documents must come from IT. MDM in Office 365 works with Microsoft Intune and Microsoft Azure Active Directory to enable administrators to create security policies on those devices that apply to Word, Excel, PowerPoint and other business applications.
Device Management: When a device is lost or stolen, it is at risk of being used by unauthorized persons to access corporate email or applications. The ability to set and manage device-level PIN locking and detect jailbroken devices goes a long way toward preventing the wrong people from using the devices.
Selective Wipe: One of the main reasons for BYOD is the simplicity of using a single device for business and personal tasks. The ability to easily remove Office 365 data from that BYOD device while leaving personal data in place is an essential enabler of the BYOD work style. It gives the company the peace of mind that its data is under its control, while giving the user the assurance that his or her personal data will not suddenly disappear.
The use of cloud-based applications and storage services has raised another commonplace activity – copy and paste – to the level of a security concern. Your user may have a device that’s protected by Office 365 MDM, but if he copies text and pastes it into an insecure application or cloud-based storage service, a vulnerability could arise.
Microsoft Intune, a subscription service that’s part of the Microsoft Enterprise Mobility Suite, enables administrators to restrict cut, copy and paste activities on smartphones, tablets and PCs, so these operations can only be performed with other applications that are managed by Intune.
As smartphones and tablets become more deeply ingrained in the day-to-day workplace, IT departments will continue to walk the tightrope between user needs and robust, enterprise-level security.