Tag Archives: Azure

App Authentication Gets Easier with Intune

Posted on by
Reply

Remember the early days of MDM (Mobile Device Management)? You know, that company-mandated thing which black-listed your apps, tracked your movements, and monitored which websites you browsed?

We’ve come a long way from those days. Recent developments from Microsoft make authentication and data management easier for both users and for IT admins. Let’s take a look at these newer offerings from Microsoft and how you can benefit from them with our LINK App.

Integration with the Intune SDK and Microsoft Authentication Library

We have integrated the Microsoft Intune SDK and the Microsoft Authentication Library (MSAL) into our LINK App. If you are either an Azure Entra ID user, an Intune user, or both, our integration offers a simpler experience for users and IT alike.

Fewer sign-ins for both frequent and occasional LINK users

Integrating MSAL into our LINK App allows LINK to leverage Microsoft Authenticator as an authentication “broker.” This means that LINK employs the familiar federated sign-in process used by the Office apps from Microsoft. If you are signed-in to Office, you are signed-in to LINK without any additional password prompts. From the security and policy perspective, LINK supports all of your conditional access policies, including:

  • MFA requirements (either with MS Authenticator or a 3rd party such as Duo)
  • Device requirements (e.g., requiring Intune deployment)

Focused security of your data with MAM policies

LINK’s integration with the Intune SDK adds another layer of security and simplicity to managing and securing LINK. In addition to the standard MDM policies and management tools, Intune supports a different type of policy known as Mobile Application Management (MAM). These MAM policies apply to all apps that support the Intune SDK, including the Microsoft suite of apps and 3rd party apps like LINK. Many MAM policies are particularly focused on the careful treatment of corporate data.

Apps with MAM policies can be used together to enable secure workflows. For example, MAM policies allow our LINK App to share a document from a Document Management System to the Word app for secure, yet uncomplicated, editing.

MAM is a great way to ensure the security of your corporate data without asking users to give up any control of their personal devices.

Image Source: Microsoft

LINK for Intune

To add MAM support to LINK, we have released a new app – LINK for Intune. Deploying LINK for Intune offers the same functionality as the “regular” LINK app, and it adds in a deeper integration with Intune so that policies can be applied to LINK even when the device is not MDM-managed.

With these recent developments from Microsoft, we think that the optimal path going forward is:

  • Use the Microsoft Intune SDK and the Microsoft Authentication Library (MSAL) to simplify authentication
  • Advance from “managed devices” to “managed apps” using Intune MAM policies

Are you considering moving to these newer approaches? What questions or observations do you have? You may download our Intune brief here.

-Seth

Seth Hallem is the Mobile Helix CEO, Co-founder, and Chief Architect

Mobile Helix makes the LINK App which is used by attorneys and knowledge professionals to review, edit, annotate, compare, and email documents from a single, secure app.

IRM Master Class at ILTA>ON

Posted on by
Reply

Learn about Information Rights Management – what it is and how it is implemented – on Wednesday, 8/26/2020, at ILTA>ON.

Our CEO and Chief Architect, Seth Hallem, will be presenting an educational Master Class on using Information Rights Management to prevent data leakage at ILTA>ON. Note: this is an educational session, not a promotion of our LINK app.

What You Will Learn

What is Rights Management? This class will dive into what rights management is, how it works, and who the major providers are. The introduction to the class will discuss the goals of Information Rights Management, what specific security problems IRM solves, and some of the major challenges IRM presents, particularly focused on how to navigate the trade-off between protection and practicality with IRM technologies.

Microsoft (Azure) Information Management: We will then spend the second portion of the class diving into Microsoft’s Information Protection (formerly known as Azure Information Protection) technologies, how those are implemented both on-premise and with Azure, and how they work for documents and emails. In this section we will dive into the architecture of Microsoft’s Information Protection, the benefits/disadvantages of this architecture, and how this particular implementation fulfills the security promises of IRM outlined in part 1.

Challenges with IRM: We will also dig into the challenges with IRM, and why IRM has not yet become a standard requirement for a secure enterprise.The class will conclude with a step-by-step outline for how to get started with Microsoft Information Protection. The goal of this section is to provide enough hands-on details to allow the attendees to get started down the IRM path with a clear vision of how it works, how to get started, and how to manage the trade-offs between security and flexibility based on the protection requirements for a particular client or matter.

When: Weds., August 26, 2020 at 11:30 AM – 12:30 PM CT / 5:30 – 6:30 PM BST

Where: ILTA>ON Registrants will join via Zoom

Bonus: All attendees will be entered in our drawing for a $200 Amazon Gift Card.

Recording: If you would like a link to the recording after Aug. 26th, email me at [email protected] or request it via the ILTA>ON platform.

-Maureen