CIO

Microsoft Intune can now block unauthorized BYOD hardware

Microsoft's decision to integrate third-party mobile threat defense software is a sign of bigger things to come for the company's UEM platform.

Microsoft has integrated third-party mobile threat defense (MTD) software with its Intune unified endpoint management (UEM) platform, enabling corporate systems to detect when an employee's unenrolled smartphone or tablet has an app potentially infected by malware.

The new Intune capability is particularly useful for companies with bring-your-own-device (BYOD) policies in that it can block access to enterprise systems on devices flagged by the MTD software.

The mobile threat detection feature on Intune will initially allow it to work with software from Lookout for Work, Better Mobile and Zimperium. "In future, we expect other partners to add support for this integration," Microsoft said via a Monday blog post released during its Ignite conference.

"By blocking compromised mobile devices from [the] ability to access corporate resources like Exchange and SharePoint, this information helps organizations protect the modern workplace against device-based attacks," Microsoft said. "In the past, this capability required end users to enroll their devices with Intune for mobile device management (MDM)."

The new MTD capability is integrated into the MDM client itself so IT shops won't have to enroll users separately – they can be provisioned together; that makes BYOD enrollment simpler, according to Nick McQuire, vice president and head of enterprise research at CCS Insight.

The Intune update, McQuire said, is about enabling mobile application management (MAM) features for BYOD corporate programs, which typically require companies to purchase more than one software license.

Microsoft's strategy is to enter the mobile threat defense marketplace – first, through integration deals with third-party MTD providers – and later possibly by creating its own solution or by acquiring a competitor, McQuire said.

IT shops often struggle to find a good MTD product in a relatively nascent marketplace.

"Ultimately, customers don't want to run two different agents on a device and pay separately for mobile threat defense. This is a good step for Microsoft. I think it's a sign Microsoft will go harder into this arena," McQuire said.

Microsoft already offers threat defense software for enterprise PCs and laptops via its Microsoft Defender firewall, so it's a natural evolution to begin offering it for iOS and Android mobile devices.

"Currently, there's no clear winner in the MTD space, so it makes sense for Microsoft to maintain its neutrality. Ultimately, Microsoft will need that capability across all end-points and not just in the PC environment."