Microsoft Uses Active Directory to Tighten MDM Security
The company capitalizes on Active Directory's user identity management capabilities to lock down mobile data.
After extending its embrace to rival mobile platforms, Microsoft is now looking to tighten security in its ecosystem of mobile device management (MDM) solutions. During this week's Ignite conference in Chicago, Microsoft's inaugural event for IT professionals, the company's mobile device management announcements were "very focused on cyber-security in particular," Andrew Conway, senior director of Enterprise Mobility at Microsoft, told eWEEK.
Increasingly, the lynchpin in the company's efforts to secure sensitive and private data is Active Directory (AD), Microsoft's user identity and access platform. In the past, "security was very much about the [network] perimeter," but the explosive growth of mobile device usage in the workplace is forcing security administrators to turn their attention to users, argued Conway. "We have really been focused on these security capabilities, keyed around that identity control plane," he said.
Those capabilities include Azure AD Cloud App Discovery, which enables administrators to sniff out rogue mobile apps and other suspicious software that can leak data. Conway said businesses "pretty systematically underestimate the number of SaaS [software-as-a-service] applications in their environment," a blind spot that can torpedo their data security and compliance initiatives.
The new cloud app discovery feature does more than take an inventory of apps on managed devices. "It looks at inbound and outbound traffic," unmasking employees who may be placing company data at risk. Azure AD Cloud App Discovery is now generally available.
Later this quarter, Microsoft will switch on new conditional access and mobile application management capabilities for the Outlook app in Intune, the company's cloud-based MDM platform. This will allow organizations to restrict access to the app if devices don't adhere to their device enrollment and compliance policies. Further, administrators can disallow functions like copy, paste and save, which can be used for the unauthorized transfer of data to personal apps.
Other mobile security-related announcements included the public preview of Azure Rights Management Document Tracking. In essence, organizations can configure permissions that travel with a shared file, said Conway. If necessary, users can remotely revoke access with a single click.
Finally, in preparation for the flood of Windows 10 devices that will ship later this year, Microsoft released the System Center Configuration Manager technical preview for the deployment and management of devices using the company's upcoming operating system. System Center 2012 won't be left out of the loop, assured Conway. With the imminent release of new service packs, "all of our existing customers are covered," he said.