Manage Device Access (part 2)

By Ashwin Venugopal -

 



To read part 1, please click here







Create a Conditional Access Policy

A conditional policy includes following settings:
  • Assignments

  1. Users & groups- It specifies users, groups, and directory roles for which the policy applies, or which are excluded from the policy. 
  2. Cloud apps- It specifies the cloud apps for which access is controlled by the conditional access policy.
  3. Conditions- They define when the policy will apply including sign-in risks, device platforms, locations, client apps, and device state.

  • Access controls

  1. Grant- This control either blocks access or specifies additional requirements which need to be satisfied to allow access including requirements like MFA or compliant device.
  2. Session- It can enable limited experiences within a cloud app like app enforced restrictions.   

Conditional Access with Intune

It generally helps in performing the tasks like allow or block access to Exchange on-premises, control access to the network, or integrate with a Mobile Threat Defense solution. There are two types of conditional access with Intune- device-based conditional access and app-based conditional access. 

Note: Conditional access is an Azure AD capability included with an Azure AD Premium license and Intune can enhance this capability by adding mobile device compliance and mobile app management to the solution. 

Device-based conditional access

Intune and Azure AD combined ensures that only managed and compliant devices are allowed access to email, Office 365 services, Software as a Service (SaaS) apps, and on-premises apps. You can also set a policy in Azure AD to only enable computers that are domain-joined, or mobile devices that are enrolled in Intune to access Office 365 services. 

Intune offers device compliance policy capabilities that can evaluate the compliance status of the devices which is reported to Azure AD that uses it to enforce the conditional access policy created in Azure AD when the user tries to access company resources. Device-based conditional access policies for Exchange online and the other Office 365 products are configured through the Azure portal. 

App-based conditional access

Intune app protection policies protects your company data on the devices that are enrolled into Intune. These policies can also be used on an employee owned devices that are not enrolled for management in Intune, however, you still need to ensure that company data and resources are protected.

App-based conditional access and client app management adds a security layer by ensuring that only client apps that support Intune app protection policies can access Exchange online and other Office 365 services. However, if you want to create an app-based conditional access policy, you must have:

  1. Enterprise Mobility + Security (EMS) or an Azure AD Premium subscription
  2. Users must be licensed for EMS or Azure AD   

Monitor Enrolled Devices

Intune and MDM for Office 365 can be used to manage enrolled devices like Windows 10, iOS, and Android devices. You can also view the list of enrolled devices, review their inventory, configure as well as secure devices with the help of policies and profiles, and monitor their Intune activities as well as compliance status while also deploying apps to users and devices and perform remote device management tasks, like removing company data or restarting the device and whatnot.

You can also trigger a device action and view history of the remote action that were run on different devices along with the action, its status, who initiated the action, and the time on the Intune blade. The remotely triggered actions on a device highly depends on the device type and includes the following:

  1. Remove company data
  2. Factory reset
  3. Remote lock
  4. Reset passcode
  5. Bypass Activation Lock (only for iOS devices)
  6. Fresh Start (only for Windows)
  7. Lost mode (only for iOS devices)
  8. Locate device (only for iOS devices)
  9. Restart (only for Windows devices)
  10. Windows 10 PIN reset
  11. Remote control for Android
  12. Synchronize device

MDM for Office 365 can also be used to monitor enrolled devices and to perform device management tasks as it supports a subset of functionality provided by Intune. The following device management tasks can be performed in MDM for Office 365:

  1. Wipe a device
  2. Block unsupported devices from accessing Exchange email using Exchange ActiveSync
  3. Set up device policies like password requirements and security settings
  4. View list of blocked devices
  5. Unblock noncompliant or unsupported device for a user or group or users
  6. Get details about the devices
  7. Remove users so their devices are no longer managed by MDM











To read part 1, please click here









Comments

Post a Comment

Popular posts from this blog

Query, Visualize, & Monitor Data in Azure Sentinel

By Ashwin Venugopal -
Image
  Azure Sentinel Workbooks Several ready for use templates are provided by the Azure Sentinel that can be used to create your own workbook and then modify them as needed for Contoso. Most of the data connectors it uses to ingest data come with their own workbooks, but better insight can be obtained by simply looking into the data that is being ingested by using tables and visualizations, including bar and pie charts. You can also make your own workbook easily by using this data from the beginning instead of using the predefined templates. Workbook Page You can easily access the workbook page from the Azure Sentinel from the navigation pane which consists of the: Workbook header- You can add a new workbook and review the saved workbooks as well as templates that are available on the workbook page. Templates section- You can access existing workbook templates on the Templates tab. You can save some of the workbooks for quick access and they will appear on the My Workbooks tab.  From the
Read more

Work with String Data Using KQL Statements

By Ashwin Venugopal -
Image
  Extract Data from Unstructured String Fields Unstructured string fields often contains the Security log data and requires parsing to extract data. There are multiple ways of pulling information from string fields in KQL and the two primary operators used are extract and parse.  Extract It gets a match for a regular expression from a text string. You can convert the extracted substring to the indicated type.  Arguments regex- A regular expression. captureGroup- A positive int constant indicating the capture group to extract. 0 stands for the entire match, 1 for the value matched by the first '('parenthesis')' in the regular expression, 2 or more for subsequent parenthesis.  text- A string to search. typeLiteral- An optional type literal. If provided, the extracted substring is converted to this type.  Returns If regex finds a match in text- the substring matched against the indicated capture group captureGroup, optionally converted to typeLiteral. If there's no mat
Read more

Threat Hunting in Microsoft Sentinel (part 1)

By Ashwin Venugopal -
Image
  To read part 2, please click  here To read part 3, please click  here Introducing the Microsoft Sentinel Hunting Page Threat hunting is a series activities performed while investigating and as there are no guidelines to perform it, the available tools on the Microsoft Sentinel can be introduced to perform better in your investigations. Firstly, you have to choose the Hunting link in the Microsoft Sentinel navigation menu to get to the Hunting page which is divided into the following sections: The header bar- It is located at the top of the page as usual and contains Refresh as well as timespan drop down menu. The New Query button can help you with creating a new query and the Run all queries button can run all the hunting queries in the background while also updating the hunting query list section with the number of results found.  The summary bar- Here, you can view the total number of queries available to run, the total number of bookmarks, the number of results from running live
Read more