Protect your mobile apps with Modern Authentication and Microsoft Intune
Michael Bowman, Tarun Chopra
Objectives
Stay innovative
Collaborate
Protect data
Work anywhere
Manage access
Employee/end user/IW goals
IT goals
Easy access
How do you empower users while protecting your most important assets?
3 big mobile challenges
• Compromised Credentials
• Compromised Devices
• Separate and Contain Company Data
Strong authentication
6k 63% 80%
99.9%
Multi-Factor Authentication
• Successful authentication (username/password)
• Additional verification using a phone or mobile device
• Easy to configure
• Prevent unauthorized access by requiring another layer of security
Configuring Multi-Factor Authentication
Corporate Network, Geo-location
MacOS, Android, iOS, Windows, Windows Defender ATP
Client apps, Browser apps
Google ID, MSA, Azure AD, ADFS
Conditions: Employee & Partner Users and Roles; Trusted & Compliant Devices; Location; Client apps & Auth Method
Microsoft Cloud App Security
Controls: Force password reset; Require MFA; Allow/block access; Terms of Use; Limited access
Machine learning
Policies
Real time Evaluation Engine
Session Risk
3
40TB
Effective policy
Conditional Access
Enable Modern Auth Support in your Code
• Reach over 1 billion users using one sign-in experience
• Securely access user data in any API (e.g. Microsoft Graph)
• Comply with IT policies like device compliance; IT will love you
ADAL SDK: Azure Active Directory Authentication Library
• Gives your application access to Microsoft Azure AD capabilities: SSO, MFA support, Conditional Access support…
• Enables support for OAuth2, Web API integration with user-level consent, two-factor authentication support…
• Free and Open Source Software / Cross-platform
MSAL SDK: Microsoft Authentication Library
• Provides a unified developer experience for apps that want to sign in both users with Azure AD accounts (work and school) and personal Microsoft Accounts.
• Currently in preview for Android and iOS
Microsoft Authentication Libraries (MSAL)
Generally available:
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-libraries
3 big mobile challenges
• Compromised Credentials
• Compromised Devices
• Separate and Contain Company Data
Protect your data on virtually any device with Intune
Mobile Device Management (MDM)
• Enroll devices for management
• Provision settings, certs, profiles
• Report & measure device compliance
• Remove corporate data from devices
Conditional Access: Restrict access to managed and compliant devices
Mobile Application Management (MAM)
• Publish mobile apps to users
• Configure and update apps
• Report app inventory & usage
• Secure & remove corporate data within mobile apps
Conditional Access: Restrict which apps can be used to access email or files
Device management options allow:
• Configuration of WiFi/VPN profiles
• Deployment of applications (e.g. LOB or antivirus)
• Remote device wipe
• …
Compliance enforcement includes:
• PIN enforcement on the device
• Device-level encryption
• Block Jailbroken/Rooted devices
• Minimum OS version
• …
IT policies are applied at the app level:
• PIN enforcement
• App-level encryption
• Jailbroken/Rooted device detection
• Multi-Identity Support
• Copy/Paste/Save
• …
App Protection Policies
Intune SDK
• Intune SDK enables App Protection Policies (APP)
• Protect and separate corporate apps, data and identities from personal
• Built into Microsoft Office, Edge, and productivity apps
• Built into some 3rd party apps
• You can enable APP in your organization's own apps
App Wrapping Tool
• Simple cmd-line tool
• No code changes!
• For LOB apps (can also be used for Store apps with some caveats)
Intune SDK
• Full feature functionality
• For Store & LOB apps
In Summary
• Enable MFA
• Solve modern workplace security challenges with conditional access and app protection policies
• Simple, easy to use libraries are available for your custom applications
References
• Prepare line-of-business apps for app protection policies
https://docs.microsoft.com/en-us/intune/apps-prepare-mobile-application-management#feature-comparison
• Intune App SDK Sample
https://github.com/msintuneappsdk/Taskr-Sample-Intune-Android-App
• How to create and assign app protection policies
https://docs.microsoft.com/en-us/intune/app-protection-policies
Provide a consistent and predictable customer experience across Office 365 services, applications and platforms, for key enterprise requirements.
Best productivity and security
• no matter which app you’re using
• no matter which platform you’re on
150M Devices managed by ConfigMgr & Intune
1.1B Azure Active Directory Identities
700M Windows 10 PCs
450B Authentications per month
135M Office 365 MAU