Microsoft Strengthens SharePoint Security on Unmanaged Devices

A new Azure Active Directory conditional access policy allows organizations to offer their users secure access to SharePoint on personal devices.


Microsoft kicked off a public preview of a new Azure Active Directory (AD) feature that promotes mobile productivity while keeping sensitive business data under wraps.

A new limited access option enables administrators to grant their users access to SharePoint on devices they don't manage. Using Azure AD and Intune, Microsoft's enterprise mobile device and application management platform, administrators can already set conditional access policies that block access to business applications and other corporate resources like SharePoint if a device doesn't meet certain requirements.

This generally works well on corporate-owned smartphones, tablets and PCs, but today's mobile work forces often turn to personal and shared devices, explained Nitika Gupta, a program manager in Microsoft's Identity Security and Protection division, in a March 9 announcement.

"Until now, this meant losing productivity by denying access to SharePoint altogether or allowing unsecured download of content. Because of this, IT administrators struggle to find the balance when configuring policies to prevent data leakage of corporate resources while ensuring that employees remain productive."

Microsoft's answer is a new Limited Access to SharePoint and OneDrive option that enforces limited, browser-only access to SharePoint. With the feature enabled, SharePoint's download, print and sync capabilities are disabled, ensuring that no sensitive data remains behind when a user logs off.
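As an added illustration of the tenant-side setting behind this feature (this is not code from the article or from Microsoft's announcement), the following PowerShell switches a SharePoint Online tenant from full access to the browser-only limited mode and verifies the result. It assumes the SharePoint Online Management Shell cmdlets Connect-SPOService, Get-SPOTenant and Set-SPOTenant; the admin URL is a placeholder.

```powershell
# Added example, not from the article: enforce the browser-only "limited
# access" mode for unmanaged devices via the SharePoint Online Management
# Shell. Cmdlet names and values are assumed from that module.
function Set-SpoLimitedAccess {
    param(
        # Placeholder: your tenant admin URL, e.g. https://<tenant>-admin.sharepoint.com
        [Parameter(Mandatory)] [string] $AdminUrl
    )

    Connect-SPOService -Url $AdminUrl

    # Before: record the current setting. The default, AllowFullAccess,
    # lets a session on an unmanaged device download, print and sync.
    $before = (Get-SPOTenant).ConditionalAccessPolicy
    Write-Host "Current policy: $before"

    # After: AllowLimitedAccess keeps the session browser-only and removes
    # download, print and sync, so no content is left behind at logoff.
    Set-SPOTenant -ConditionalAccessPolicy AllowLimitedAccess

    # Verify the change rather than trusting that the call succeeded.
    $after = (Get-SPOTenant).ConditionalAccessPolicy
    if ($after -ne 'AllowLimitedAccess') {
        throw "Expected AllowLimitedAccess, tenant reports '$after'"
    }
    return $after
}

# The tenant setting only takes effect for sessions that an Azure AD
# conditional access policy (targeting SharePoint Online, with the
# "Use app enforced restrictions" session control) routes to limited
# access; that policy is configured in the Azure AD portal, not here.
```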

Beyond SharePoint, the software giant has been on a mission to help customers keep a tighter lid on their business data as it wends its way across various cloud services.

Last month, Microsoft added a Tenant Restrictions feature to Azure AD that businesses can use to exert more control over the software-as-a-service (SaaS) applications their employees can access. The feature can be used to prevent users from logging into unsanctioned Office 365 accounts, for example, preventing data leaks.

Microsoft also recently announced a collaboration with identity governance specialist SailPoint that strengthens security in highly regulated industries like healthcare.

A new SailPoint-Azure AD integration that extends to on-premises applications allows businesses to offer self-service password resets, access requests and approvals to their workforces. The solution ensures that user access to highly sensitive applications is granted in accordance with an organization's identity controls, for compliance purposes and enhanced security.

Meanwhile, Microsoft is getting ready to launch the new Azure AD administration interface within the next two months, give or take. And the company is asking users to put the updated toolset through its paces by subjecting it to production tasks.

"Over the next month or so, as we work to make Azure Active Directory generally available in the new Azure portal, we’ll be completing transition of the last few features, ironing out some usability issues, fixing any bugs we find, and responding to your feedback," blogged Alex Simons, director of program management at Microsoft's Identity Division.

The redesigned Azure AD management experience features contextual activity logs and reporting, along with enhanced search and filtering capabilities, providing quick access to user access and application usage information.

Pedro Hernandez


Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...