Microsoft Uses Active Directory to Tighten MDM Security

By Pedro Hernandez  |  Posted 2015-05-05 Print this article Print
mobile security

The company capitalizes on Active Directory's user identity management capabilities to lock down mobile data.

After extending its embrace to rival mobile platforms, Microsoft is now looking to tighten security in its ecosystem of mobile device management (MDM) solutions.

During this week's Ignite conference in Chicago, Microsoft's inaugural event for IT professionals, the company's mobile device management announcements were "very focused on cyber-security in particular," Andrew Conway, senior director of Enterprise Mobility at Microsoft, told eWEEK. Increasingly, the lynchpin in the company's efforts to secure sensitive and private data is Active Directory (AD), Microsoft's user identity and access and platform.

In the past, "security was very much about the [network] perimeter," but the explosive growth of mobile device usage in the workplace is forcing security administrators to turn their attention to users, argued Conway.  "We have really been focused on these security capabilities, keyed around that identity control plane," he said.

Those capabilities include Azure AD Cloud App Discovery, which enables administrators to sniff out rogue mobile apps and other suspicious software that can leak data. Conway said businesses "pretty systematically underestimate the number of SaaS [software-as-a-service] applications in their environment," a blind spot that can torpedo their data security and compliance initiatives.

The new cloud app discovery feature does more than take an inventory of apps on managed devices. "It looks at inbound and outbound traffic," unmasking employees who may be placing company data at risk. Azure AD Cloud App Discovery is now generally available.

Microsoft's new on-premises Advanced Threat Analytics offering, currently in beta, also hooks into Active Directory to thwart security breaches. Based on technology from the Aorato acquisition in November, Advanced Threat Analytics applies a blend of user behavioral analytics, machine learning and a catalog of known threats to alert administrators of attacks, suspicious user behavior and potential data breaches in real time.

Microsoft Advanced Threat Analytics makes detecting attacks as easy as catching up with friends on Facebook, according to Conway. Instead of poring over logs that contain "a lot of noise," the product's "attack timeline looks like a social networking feed," he said.

Deploying Advanced Threat Analytics is a set-and-forget affair. "Set it up in your environment—do port mirroring over AD—and it establishes a point of view on what is normal behavior," Conway said. "It doesn't require you to set any specific baseline yourself."

Later this quarter, Microsoft will switch on new conditional access and mobile application management capabilities for the Outlook app in Intune, the company's cloud-based MDM platform. This will allow organizations to restrict access to the app if devices don't adhere to their device enrollment and compliance policies. Further, administrators can disallow functions like copy, paste and save, which can be used for the unauthorized transfer data to personal apps.

Other mobile security-related announcements included the public preview of Azure Rights Management Document Tracking. In essence, organizations can configure permissions that travel with a shared file, said Conway. If necessary, users can remotely revoke access with a single click.

Finally, in preparation for the flood of Windows 10 devices that will ship later this year, Microsoft released the System Center Configuration Manager technical preview for the deployment and management of devices using the company's upcoming operating system. System Center 2012 won't be left out of the loop, assured Conway. With the imminent release of new service packs, "all of our existing customers are covered," he said.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel