The Next Layer of Protection for Identity Management

There’s one thing that stays the same about cybersecurity – it’s always changing. It’s always changing because cyber criminals are constantly evolving their tactics. That means that you can never get to a place where you’ve “arrived” with your security posture. You have to keep adapting and evolving to the ever-changing security threats.

Here at XPERTECHS, it’s our job to make sure that clients have the information they need to stay a step ahead of the bad guys. Right now, we’re talking with clients about adding another layer of security to their identity management processes above and beyond the typical multi-factor authentication (MFA).

MFA became popular as the next step toward better security because cyber criminals were targeting login credentials for online accounts like Microsoft 365. Enforcing MFA on a user’s account meant that a hacker needed the account holder’s password in addition to their phone to be able to access the user’s account. This made it much more difficult for hackers!

Unfortunately, cyber criminals found a way to get around this by tricking the account holders themselves into authenticating a login. That doesn’t mean that MFA didn’t work, but that the user couldn’t discern a fake login screen from the real one. The person didn’t suspect anything was amiss, so not only did they type in their credentials on the spoofed web page, they allowed the hacker access by providing the MFA token. When this happens, you’ve pretty much given away the “keys to the castle” and the intrusion may go on for weeks without being detected.

Microsoft Intune Secures Devices

This is why we’re helping clients put an additional layer of security in place on their corporate accounts using Microsoft Intune. Microsoft Intune allows organizations to better recognize and allow/deny devices that are connecting to their corporate M365 environment.

Intune doesn’t replace good password management or MFA. Those two security layers are still required! What it does is require end users to register their device(s) into an Intune compliance policy. This ultimately allows organizations to reject/deny access for non-registered, non-compliant devices.

If we used our “keys to the castle” example, here’s what it would look like. An attacker may be able to make their way into the castle after swimming the moat and scaling the wall, but when they get to a door, they’re confronted by a guard who demands to know “friend or foe.”

New Conversations Arise About Company vs Personal Phones for Work

To properly ensure all devices are registered and compliant, the Intune app is installed on every device that an employee uses to access your company files and applications, including their phones.

This raises some questions for employees who are using their personal phones for work. They want to know if Microsoft is going to see all their pictures, text messages and calls. The answer is no, the app isn’t that invasive. End users are simply registering the device so they can access corporate data. The mobile device is not controlled by the organization. The device is simply enrolled and approved to allow access to the data.

Getting Started with Endpoint Management with Intune

Depending on the type of Microsoft license a client has, getting started with Intune doesn’t cost anything except the labor to get the tenant and new policies configured. For clients without the Microsoft Intune licensing, new licensing will need to be procured, and then the tenant and policies can be configured.

Management of the tool is similar to other software tools. We monitor performance, respond to alerts, do administrative tasks like add or delete a device, and so on.

One of the great things about Intune, besides what it does to lock down your accounts, is that once your employees are set up, they don’t have to take any extra steps.

Need to Up Your Security Game?

If you’re not an XPERTECHS client, you may be wondering if your provider can implement Intune for you. The answer is that they probably can, but there’s another question that you should ask: why didn’t they bring it up to you in the first place?

As a business leader, you shouldn’t be leading security strategy alone. Your managed IT services provider should be bringing you ideas and information that helps you make confident decisions about security. If you’re not getting that right now, it’s time to up your game.

Contact us to schedule a meeting.