Mobile phone security

Mobile Phone Security in the workplace with Microsoft Intune

Cybercriminals attempt to steal data or access your network through your employees' phones. So, mobile phone security is necessary to protect company data.

Why is mobile device security important?

Today’s cybercriminals attempt to steal data or access your network through your employees’ phones and tablets. They’re counting on you to neglect this piece of the puzzle. So, mobile phone security is necessary to close this gap, help protect the organisation, staff and customers from cyber-attacks, and protect the organisation from data loss.

Furthermore, mobile phone security helps you comply with Cyber Essentials, Cyber Essentials Plus, ISO27001 and GDPR. 

Do you need security on a mobile phone?

Mobile phones are a security risk when they have access to company data. So, mobile device security is necessary if you use company mobiles or your employees use their personal mobiles for work.

How can I improve mobile phone security?

You can reduce the security risk by applying a Mobile Device Management (MDM) strategy, for example with software like Microsoft Intune.

How does mobile device security work?

Mobile device security allows you to set policies about what the mobile device is allowed to do. For example, once activated, mobile devices can access company systems such as Microsoft 365.

Mobile device management (MDM) also creates an encrypted partition on the device that separates personal data, unsecured data and software from secure business data. The system prevents the two from interacting. So, for example, if you try to copy a file from the insecure part to the secure section, the software blocks it. As a result, this prevents hackers from accessing company data using errant or compromised software.

Furthermore, MDM can remote wipe compromised data and restrict access to company systems at particular times to promote a healthy work-life balance. Also, it provides content filtering on the company’s internet connection.

BYOD users often worry that they are giving the company access to personal data on their phones, but the two are kept separate.

Which mobile phone security method is best?

We recommend Microsoft Intune for our customers because it’s part of the Microsoft 365 ecosystem, making it easier for customers to make changes and see reporting. Furthermore, it integrates well with other Microsoft applications on employee mobile devices.

What is in Microsoft Intune?

Microsoft Intune is a cloud-based service that provides mobile device management (MDM) and mobile application management (MAM).

With Intune, you can:

  • Choose to be 100% cloud with Intune or be co-managed with Configuration Manager and Intune.
  • Set rules and configure settings on personal and organisation devices to access data and networks.
  • Deploy and authenticate apps on devices.
  • Protect your company information by controlling the way users access and share information.
  • Be sure devices and apps are compliant with your security requirements.

How does Microsoft Intune work?

Microsoft Intune can control who has access, what they can access and how they can access company data and apps on their work mobile phones. 

Organisation devices

With Intune, you manage devices using an approach that’s right for you. For organisation devices, you may want complete control over the devices, including settings, features, and security. In this approach, devices and users of these devices enrol in Intune. Once enrolled, they receive your rules and settings through policies configured in Intune. For example, you can set password and PIN requirements, create a VPN connection, set up threat protection, and more.

Personal devices

Intune also allows people in your organisation to use their personal devices in the workplace. On personal devices, Intune helps ensure your organisation’s data stays protected and can isolate organisation data from personal data. For personal devices, or bring-your-own devices (BYOD), users may not want their organisation administrators to have complete control. In this approach, give users options. For example, users enrol their devices if they need full access to your organisation’s resources. Or, if these users only want access to email or Microsoft Teams, use app protection policies like multi-factor authentication (MFA). 

When devices are enrolled and managed in Intune, administrators can:

  • See the devices enrolled and get an inventory of devices accessing organisation resources.
  • Configure the devices so that they meet your security and health standards.
  • Push certificates to devices so users can easily access your Wi-Fi network or use a VPN to connect to your network.
  • See reports on user and device compliance.
  • Remove organisation data if a device is lost, stolen, or not used anymore.
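The inventory and compliance reporting described above can be illustrated with a short script. This is an added example, not code from this post or from Microsoft: it runs over constructed records whose property names follow the Microsoft Graph `managedDevice` resource, and the 30-day "not used anymore" threshold is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory. Property names follow the Microsoft Graph
# managedDevice resource; every value below is invented for illustration.
SAMPLE_DEVICES = [
    {"deviceName": "PIXEL-ALICE", "userPrincipalName": "alice@example.com",
     "managedDeviceOwnerType": "personal", "complianceState": "compliant",
     "lastSyncDateTime": "2024-05-30T08:15:00Z"},
    {"deviceName": "IPHONE-BOB", "userPrincipalName": "bob@example.com",
     "managedDeviceOwnerType": "company", "complianceState": "noncompliant",
     "lastSyncDateTime": "2024-05-29T17:40:00Z"},
    {"deviceName": "IPAD-STORE", "userPrincipalName": "store@example.com",
     "managedDeviceOwnerType": "company", "complianceState": "compliant",
     "lastSyncDateTime": "2024-03-02T09:00:00Z"},
    {"deviceName": "GALAXY-DAN", "userPrincipalName": "dan@example.com",
     "managedDeviceOwnerType": "personal", "complianceState": "inGracePeriod",
     "lastSyncDateTime": "2024-04-01T12:30:00Z"},
]

def parse_graph_time(value):
    """Parse a UTC timestamp in the form used by the sample (no fractional seconds)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def triage(devices, now, stale_after_days=30):
    """Return devices that are not compliant or have stopped checking in."""
    cutoff = now - timedelta(days=stale_after_days)
    findings = []
    for dev in devices:
        reasons = []
        # Anything other than "compliant" (noncompliant, inGracePeriod, ...) needs review.
        if dev["complianceState"] != "compliant":
            reasons.append("compliance:" + dev["complianceState"])
        # A device that no longer syncs may be lost, stolen or no longer in use.
        if parse_graph_time(dev["lastSyncDateTime"]) < cutoff:
            reasons.append("stale")
        if reasons:
            findings.append({"device": dev["deviceName"],
                             "user": dev["userPrincipalName"],
                             "owner": dev["managedDeviceOwnerType"],
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for f in triage(SAMPLE_DEVICES, now):
        print(f"{f['device']:<12} {f['owner']:<9} {f['user']:<20} {', '.join(f['reasons'])}")
```

Devices flagged as stale are the ones to review for removing organisation data.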

Application management

Mobile application management (MAM) in Intune protects organisation data at the application level, including custom applications and store apps. You can use app management on organisation-owned devices and personal devices. You can deploy apps like Microsoft Teams, OneNote, and other Microsoft 365 apps to devices. This feature enables your employees to be productive on their devices while keeping your organisation’s information protected by the policies you create.

Is Microsoft Intune included with Office 365?

Microsoft Intune is a standalone product included with particular Microsoft 365 plans.

Can Microsoft Intune see browsing history?

Some employees worry about companies being able to access their personal phone data with Intune, but this is incorrect. Enrolling your device makes certain information visible to IT administrators and IT support people with administrator access but not your personal data.

Your organisation can’t see:

  • Calling and web browsing history
  • Email and text messages
  • Contacts
  • Calendar
  • Passwords
  • Pictures, including what’s in the photos app or camera roll
  • Files
  • Additionally, on corporate-owned Android devices with a work profile:
    • Apps and data in your personal profile
    • Phone number

Your organisation can see:

  • Device owner
  • Device name
  • Device serial number
  • Device models, such as Google Pixel
  • Device manufacturers, such as Microsoft
  • Operating system and version, such as iOS 12.0.1
  • Device IMEI
  • App inventory and app names, such as Microsoft Word
    • On personal devices, your organisation can only see your managed app inventory, which includes work apps.
    • On corporate-owned devices, your organisation can see all apps installed on the device.
    • On corporate-owned devices with a work profile, limited to Android devices, your organisation can only see the apps installed in your work profile.

There are some differences between corporate-owned devices and your own device. So please contact us for more information on your particular setup.

Can Microsoft Intune wipe your phone?

When a device is lost or stolen, or if the employee leaves your company, you might want to remove data from company apps on the device. However, you cannot wipe personal data on the device, especially if the device is employee-owned. So, Intune is only able to wipe company data from the phone. 

For more information about mobile device management or Intune, contact Northstar today.
