App Authentication Gets Easier with Intune

Remember the early days of MDM (Mobile Device Management)? You know, that company-mandated thing which blacklisted your apps, tracked your movements, and monitored which websites you browsed?

We’ve come a long way from those days. Recent developments from Microsoft make authentication and data management easier for both users and IT admins. Let’s take a look at these newer offerings from Microsoft and how you can benefit from them with our LINK App.

Integration with the Intune SDK and Microsoft Authentication Library

We have integrated the Microsoft Intune App SDK and the Microsoft Authentication Library (MSAL) into our LINK App. If you use Microsoft Entra ID (formerly Azure AD), Intune, or both, our integration offers a simpler experience for users and IT alike.

Fewer sign-ins for both frequent and occasional LINK users

Integrating MSAL into our LINK App allows LINK to use Microsoft Authenticator as an authentication “broker”: a single app on the device that holds the sign-in session and the device registration and hands tokens to other MSAL-based apps. This is the same federated sign-in process used by the Office apps from Microsoft. If you are signed in to Office on the device, you are signed in to LINK without any additional password prompt. Because every LINK token is issued through that same broker, your Entra Conditional Access policies are evaluated for LINK exactly as they are for Office, including:

  • MFA requirements (with Microsoft Authenticator or a third-party provider such as Duo)
  • Device requirements (e.g., requiring a device that is enrolled in Intune and reported compliant; the broker is what supplies the device identity for that check)

Focused security of your data with MAM policies

LINK’s integration with the Intune SDK adds another layer of security and simplicity to managing and securing LINK. In addition to the standard MDM policies and management tools, Intune supports a different type of policy known as Mobile Application Management (MAM), delivered as app protection policies. These policies apply to any app that has integrated the Intune SDK, including the Microsoft suite of apps and third-party apps like LINK, and they govern the corporate data inside the app (app PIN, copy/paste and save-as restrictions, encryption of cached files, selective wipe) rather than the device as a whole.

Apps under the same MAM policies can be used together to enable secure workflows. For example, a policy that allows data transfer only to other policy-managed apps lets our LINK App send a document from a Document Management System to the Word app for editing, while the same share to an unmanaged app is blocked.

MAM is a great way to ensure the security of your corporate data without asking users to give up any control of their personal devices: a wipe removes only the data inside the managed apps, not personal apps, photos, or settings.
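The two kinds of policy discussed above, Conditional Access for the sign-in and an app protection (MAM) policy for the data inside the app, can both be created with the Microsoft Graph PowerShell SDK. The following is an added example written for this post, not Mobile Helix’s or Microsoft’s code: the LINK application (client) ID, the iOS bundle ID, the pilot group and the emergency-access account are placeholders you must replace, and the specific PIN, save-as and data-transfer settings are one reasonable starting point rather than LINK’s or Intune’s defaults.

```powershell
# Added example (not Mobile Helix's or Microsoft's code). Requires the Microsoft.Graph
# PowerShell SDK and an admin who can write Conditional Access and app protection policies.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Application.Read.All", "DeviceManagementApps.ReadWrite.All"

# Placeholders: replace with real values from your tenant and the LINK app registration.
$linkAppId       = "00000000-0000-0000-0000-000000000000"   # LINK application (client) ID in Entra ID
$linkIosBundleId = "com.example.link"                       # assumed bundle ID, not LINK's real one
$pilotGroupId    = "11111111-1111-1111-1111-111111111111"   # Entra group that receives the policies
$breakGlassId    = "22222222-2222-2222-2222-222222222222"   # emergency-access account to exclude

# --- 1. Conditional Access: MFA AND an app protection policy whenever LINK requests a token ---
# "compliantApplication" is the "Require app protection policy" grant, which works on devices that
# are not MDM-enrolled. Use "compliantDevice" instead if you want to require Intune enrollment.
$caPolicy = @{
    displayName = "LINK: require MFA and app protection policy"
    state       = "enabledForReportingButNotEnforced"   # report-only first; set "enabled" after reviewing sign-in logs
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @($linkAppId) }
        clientAppTypes = @("mobileAppsAndDesktopClients")
        platforms      = @{ includePlatforms = @("iOS", "android") }   # the app protection grant is a mobile control
    }
    grantControls = @{
        operator        = "AND"
        builtInControls = @("mfa", "compliantApplication")
    }
}
$ca = New-MgIdentityConditionalAccessPolicy -BodyParameter $caPolicy
"Created Conditional Access policy $($ca.Id) in state $($ca.State)"

# --- 2. iOS app protection (MAM) policy: corporate data stays inside policy-managed apps -----------
$mamPolicy = @{
    displayName                             = "LINK iOS app protection"
    pinRequired                             = $true
    saveAsBlocked                           = $true             # no "Save to Files" or other unmanaged locations
    dataBackupBlocked                       = $true             # keep cached documents out of iCloud backup
    allowedInboundDataTransferSources       = "managedApps"
    allowedOutboundDataTransferDestinations = "managedApps"     # LINK -> Word allowed, LINK -> unmanaged app blocked
    allowedOutboundClipboardSharingLevel    = "managedAppsWithPasteIn"
    periodOfflineBeforeAccessCheck          = "PT12H"           # re-check with Intune after 12 hours offline
    periodOfflineBeforeWipeIsEnforced       = "P90D"            # selective wipe of app data after 90 days offline
}
$mam = New-MgDeviceAppManagementIosManagedAppProtection -BodyParameter $mamPolicy

# Target the policy at the LINK app by bundle ID ...
$targetApps = @{
    apps = @(
        @{ mobileAppIdentifier = @{ "@odata.type" = "#microsoft.graph.iosMobileAppIdentifier"; bundleId = $linkIosBundleId } }
    )
}
Invoke-MgGraphRequest -Method POST -Body $targetApps `
    -Uri "https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections/$($mam.Id)/targetApps"

# ... and assign it to the pilot group; an unassigned app protection policy does nothing.
$assign = @{
    assignments = @(
        @{ target = @{ "@odata.type" = "#microsoft.graph.groupAssignmentTarget"; groupId = $pilotGroupId } }
    )
}
Invoke-MgGraphRequest -Method POST -Body $assign `
    -Uri "https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections/$($mam.Id)/assign"
```

Leave the Conditional Access policy in report-only mode for a few days and review the Conditional Access tab of the Entra sign-in logs before enabling it; a policy that requires an app protection policy will block sign-ins from any LINK build that does not carry the Intune SDK, so confirm the pilot group is running the Intune-enabled app first.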

Image Source: Microsoft

LINK for Intune

To add MAM support to LINK, we have released a new app, LINK for Intune. LINK for Intune offers the same functionality as the “regular” LINK app and adds a deeper integration with Intune, so app protection policies can be applied to LINK even when the device is not MDM-managed (MAM without enrollment).

With these recent developments from Microsoft, we think that the optimal path going forward is:

  • Use the Microsoft Intune SDK and the Microsoft Authentication Library (MSAL) to simplify authentication
  • Advance from “managed devices” to “managed apps” using Intune MAM policies

Are you considering moving to these newer approaches? What questions or observations do you have? You may download our Intune brief here.

-Seth

Seth Hallem is the Mobile Helix CEO, Co-founder, and Chief Architect


Mobile Helix makes the LINK App which is used by attorneys and knowledge professionals to review, edit, annotate, compare, and email documents from a single, secure app.

Crossing Things Off Your To-Do List and Staying In Control While Mobile


Now that we understand why it is so difficult to be productive while mobile, in this third post we turn to a potential solution to this frustrating problem.

For several years now, enterprise software has been designed and built to run inside the corporate firewall, accessible from any web browser on the company network. This made things much easier: easier for IT to manage and deploy a single installation rather than software on every desktop, and easier for a user to work from a company desktop, later a company laptop, and now a personal laptop or home computer.

Those same systems, so much more connected and convenient than software on our desktops, are what keep our mobile devices from being more useful. Mobile devices cannot easily reach portals and file repositories behind the corporate firewall, so the obvious conclusion is that all those systems must be redesigned for mobile. How, then, can I get at the information I need to cross things off my to-do list when I am mobile?

Redesigning existing systems is costly, complicated, and not feasible for most IT organizations. Fortunately, there is a better way to expose internal systems to mobile devices with far less effort. Two technologies, when combined, deliver the desired functionality without complete rewrites: secure containerization and HTML5.

Secure containers have been in use for several years and are a natural evolution of MDM (Mobile Device Management). MDM lets IT lock down an entire device, monitor its location at all times, and even wipe all of its contents remotely, including personal apps, pictures, and videos. A secure container instead lets IT control just the corporate data on a mobile device, including the ability to wipe it and to set policies on its use, without sacrificing personal privacy. That is good for security and is the first part of the solution. To be really useful, though, the container must also provide access to the suite of applications needed to complete the everyday game of Tetris that is our to-do list.

Enter HTML5, the technology already powering many web-based portals behind the firewall. With an HTML5 container, accessing internal resources, whether documents in a DMS, a corporate intranet portal, SharePoint, or other web-based systems, becomes much easier.

An HTML5 container is a native app that provides core functionality such as offline access and push notifications. Enterprise web apps run inside the container rather than in the device browser, so their connection to the internal network and any data they cache stay under the container’s policies. Very little rewriting is needed, and HTML5 is more portable and future-proof than a native implementation for each mobile platform. Most IT teams already understand HTML5 and can write apps with it quickly. Many existing intranet apps run inside an HTML5 container unchanged. Legacy systems such as Exchange 2003 and SharePoint 2003 also have well-documented web-based APIs, which makes it straightforward to write new web apps on top of them for mobile use.

The world has gone mobile. Now it’s time for corporate systems to catch up. Let me access my files from my mobile phone without sacrificing security. Let me grab a document from the DMS and email it to a client over lunch. Let me quickly take an internal attachment, rename it, and send it to an external client while enjoying a cup of coffee. Enable me to get valuable tasks done whenever I have time instead of later when I’m at the office. Let me get more small, interdependent tasks done on the go, much as I can quickly turn, twist, and move shapes in Tetris. Then I can get more rows cleared from my to-do list and have more time and more patience for my kids.

Thank you for reading. Please comment below and tell us what you think. We would love to hear your thoughts.

Ilya