How Microsoft Intune MDM Keeps Remote Data Safe

By Frank D'Silva | November 25, 2020

Businesses in every industry are still reeling from the quick adjustments to the “new normal” of remote work, and one of the top concerns is cyber security. How can organizations keep track of and manage mobile devices that are accessing their network, both employee-owned and corporate-sponsored?

What is Mobile Device Management (MDM)?

Mobile device management (MDM) is software that is used to monitor, manage, and secure employees' laptops, smartphones, tablets, and other mobile devices that are being used in the workplace.

With security and data breaches becoming costlier every year, MDM tools have become essential to the modern workplace, where a good percentage of employees not only work from home, but use their personal mobile devices to access company data.

There are also situations where the company itself owns the mobile devices that employees are using. This is especially true in healthcare and other heavily regulated industries, where employees are accessing sensitive data that is subject to HIPAA compliance and other similar regulations.

In both situations, whether the actual devices are employee-owned or company-sponsored, a solid Mobile Device Management (MDM) solution needs to be in place to ensure company data is securely managed, monitored, and stored.

Read on to learn exactly how we helped a healthcare organization solve their specific challenges in managing a mix of employee-owned and company-supplied mobile devices.

Why We Chose Microsoft Intune MDM

Our healthcare client had a mix of mobile devices, including Android and Apple iOS, that were being used by employees.

This included roughly 50 iPads that were company-owned and had no specific user assigned.

Note that this is actually a fairly common scenario for many businesses with field employees: the company owns the devices but needs them to be used by different people at different times, and therefore does not want to assign them to specific employees.

After an in-depth strategic IT planning session with the client, it was proposed that Microsoft Intune be used as the MDM solution of choice, combined with their Microsoft Enterprise Mobility and Security E3 Suite licensing.

Below you will find the detailed process of the exact steps we took to get Microsoft Intune up and running, and how this solution can help any organization protect their critical company data.


How We Implemented Microsoft Intune - 4 Key Steps


Step 1: Conduct Initial Planning and Design Session

The initial planning and design phase required many hours of careful documentation, including listing every individual in the organization who would require Microsoft EMS E3 licensing.

This first step was necessary to ensure cloud security was provided for all the devices that were utilizing Microsoft 365.

After documenting the iOS and Android devices used by all employees in the company and setting up a remote wipe policy in case of device theft, the users of 5 Android devices and 2 of the 50 iPads were chosen as pilot testers.

These users were in constant contact with the assigned Ntiva engineer to ensure a smooth and enjoyable experience for those who were set up later, once the test phase was complete.


Step 2: Configure Intune Settings for Entire Organization

Microsoft Intune provides an amazing mobile device management platform, but you also need trained staff who know how to use and maintain the solution.

Our busy healthcare client had already chosen to outsource their IT needs, and so benefited from our fully-staffed team who would work with the software 24/7 to help keep their cloud-enabled mobile devices safe.

Setting up Intune can be a daunting task, but our team was able to configure the organization’s existing Azure account to allow Intune configuration capabilities.

After enabling ground policies, setting up Intune as the MDM authority across all iOS and Android devices, and inputting all Terms and Conditions text required for HIPAA compliance, we were in business.


Step 3: Configure MDM Policies

Of all the steps in the on-boarding process, configuring the MDM policy may have been the most crucial.

This included:

  • Requiring minimum operating system versions
  • Blocking jailbroken devices
  • Requiring a PIN/passcode that met the client’s minimum complexity requirements
  • Prohibiting screen recording and screen capture
  • Enabling Activation Lock, making it harder for a lost or stolen device to be reactivated
  • Pushing the Outlook, OneDrive, and Teams mobile apps to all devices, and configuring the Office 365 settings for each
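To make the compliance rules above concrete, here is an added example (not code from the original post, and not Intune's own implementation) that evaluates a pilot device inventory against rules of the kind listed in Step 3: minimum OS version, jailbroken/rooted devices blocked, and a passcode of a minimum length that is not a simple pattern. The rule names follow the Microsoft Graph `iosCompliancePolicy` / `androidCompliancePolicy` property names as I know them (`osMinimumVersion`, `securityBlockJailbrokenDevices`, `passcodeRequired`, `passcodeMinimumLength`, `passcodeBlockSimple`); verify them against the current Graph reference before building policies from them. The version thresholds and the device records are constructed for illustration, since the post does not state the client's actual values.

```python
"""Check a device inventory against compliance rules like the ones in Step 3.

Added example, not part of the original post or of Intune itself. The rule
names mirror Microsoft Graph's iosCompliancePolicy / androidCompliancePolicy
properties; the threshold values and device records below are constructed.
"""
from dataclasses import dataclass


def parse_version(text: str) -> tuple:
    """Turn '14.2' or '10' into a tuple of ints that compares numerically."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class CompliancePolicy:
    platform: str
    os_minimum_version: str
    block_jailbroken: bool = True        # securityBlockJailbrokenDevices
    passcode_required: bool = True       # passcodeRequired
    passcode_minimum_length: int = 6     # passcodeMinimumLength
    passcode_block_simple: bool = True   # passcodeBlockSimple (e.g. 1234, 1111)


# Constructed thresholds; the post does not state the client's actual values.
POLICIES = {
    "iOS": CompliancePolicy(platform="iOS", os_minimum_version="14.0"),
    "Android": CompliancePolicy(platform="Android", os_minimum_version="10"),
}


@dataclass(frozen=True)
class DeviceReport:
    """What the device reports at check-in (constructed schema)."""
    device_name: str
    platform: str
    os_version: str
    jailbroken: bool            # rooted, in Android terms
    passcode_set: bool
    passcode_length: int = 0
    passcode_is_simple: bool = False


def evaluate(device: DeviceReport, policy: CompliancePolicy) -> list:
    """Return the rules the device violates; an empty list means compliant."""
    violations = []
    if parse_version(device.os_version) < parse_version(policy.os_minimum_version):
        violations.append("osMinimumVersion")
    if policy.block_jailbroken and device.jailbroken:
        violations.append("securityBlockJailbrokenDevices")
    if policy.passcode_required:
        if not device.passcode_set:
            violations.append("passcodeRequired")
        else:
            if device.passcode_length < policy.passcode_minimum_length:
                violations.append("passcodeMinimumLength")
            if policy.passcode_block_simple and device.passcode_is_simple:
                violations.append("passcodeBlockSimple")
    return violations


def compliance_report(devices) -> dict:
    """Map each device name to its violations under its platform's policy."""
    return {d.device_name: evaluate(d, POLICIES[d.platform]) for d in devices}


# Constructed pilot inventory: two shared iPads and two Android phones.
PILOT_DEVICES = [
    DeviceReport("IPAD-PILOT-01", "iOS", "14.2", False, True, 6),
    DeviceReport("IPAD-PILOT-02", "iOS", "13.7", False, True, 6),
    DeviceReport("AND-PILOT-01", "Android", "11", True, True, 8),
    DeviceReport("AND-PILOT-02", "Android", "10", False, True, 4, True),
]

if __name__ == "__main__":
    for name, violations in compliance_report(PILOT_DEVICES).items():
        status = "compliant" if not violations else "NOT compliant: " + ", ".join(violations)
        print(f"{name}: {status}")
```

Running this during the pilot phase shows which devices would be marked non-compliant before the policy is pushed to the whole fleet, which is exactly the kind of surprise the pilot users are there to surface.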

When combined, all of these steps ensured that every device used to access company data would meet the minimum security requirements.

After all, a secure network is only as strong as its weakest device.

Step 4: Configure MAM and Conditional Access Policies

Where MDM takes care of the devices, Mobile Application Management (MAM) takes care of the applications.

This task included:

  • Restricting corporate data to managed mobile apps, so that unmanaged apps cannot access it.
  • Preventing copy/paste out of corporate email.
  • Preventing corporate email content and attachments from being saved to unmanaged apps.
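The following is an added example (not code from the original post, and not Intune's own logic) that models the two decisions Step 4 describes: the Conditional Access gate, which grants corporate data only to a managed app on a compliant device, and the app protection (MAM) rules, which stop copy/paste and save-to from a managed app into an unmanaged one. The setting names follow the Microsoft Graph `managedAppProtection` property names as I know them (`allowedOutboundClipboardSharingLevel`, `allowedOutboundDataTransferDestinations`, `saveAsBlocked`); the managed app list comes from Step 3, while the users, unmanaged app names and requests are constructed.

```python
"""Model the Step 4 app-protection (MAM) and Conditional Access decisions.

Added example, not part of the original post or of Intune itself. Setting
names mirror Microsoft Graph managedAppProtection properties; the users,
unmanaged app names and requests are constructed.
"""
from dataclasses import dataclass


# Apps pushed by Intune in Step 3; these are the apps the MAM policy governs.
MANAGED_APPS = frozenset({"Outlook", "OneDrive", "Teams"})


@dataclass(frozen=True)
class AppProtectionPolicy:
    # "managedApps": clipboard content may only be pasted into other managed apps.
    allowed_outbound_clipboard_sharing_level: str = "managedApps"
    # "managedApps": files/attachments may only be sent to other managed apps.
    allowed_outbound_data_transfer_destinations: str = "managedApps"
    # Block "Save As" into unmanaged storage entirely.
    save_as_blocked: bool = True


@dataclass(frozen=True)
class AccessRequest:
    user: str
    app: str                 # the app asking for corporate mail/files/chat
    device_compliant: bool   # outcome of the Step 3 compliance evaluation
    app_is_managed: bool     # app enrolled under the app protection policy


def conditional_access(req: AccessRequest) -> tuple:
    """Grant or block access to corporate data; returns (decision, reason)."""
    if not req.app_is_managed or req.app not in MANAGED_APPS:
        return ("block", "unmanaged app")           # app cannot enforce MAM controls
    if not req.device_compliant:
        return ("block", "device not compliant")    # device failed MDM compliance
    return ("grant", "managed app on compliant device")


def data_transfer_allowed(policy: AppProtectionPolicy, action: str,
                          source: str, destination: str) -> bool:
    """Decide whether a paste or save from `source` into `destination` may proceed."""
    if source not in MANAGED_APPS:
        return True   # the policy only governs data leaving managed apps
    dest_managed = destination in MANAGED_APPS
    if action == "paste":
        level = policy.allowed_outbound_clipboard_sharing_level
        if level == "allApps":
            return True
        if level in ("managedApps", "managedAppsWithPasteIn"):
            return dest_managed
        return False  # "blocked"
    if action == "save":
        if policy.save_as_blocked and not dest_managed:
            return False
        dests = policy.allowed_outbound_data_transfer_destinations
        return dests == "allApps" or (dests == "managedApps" and dest_managed)
    raise ValueError(f"unknown action {action!r}")


# Constructed requests from pilot users.
POLICY = AppProtectionPolicy()
REQUESTS = [
    AccessRequest("nurse01", "Outlook", device_compliant=True, app_is_managed=True),
    AccessRequest("nurse01", "Gmail", device_compliant=True, app_is_managed=False),
    AccessRequest("nurse02", "Teams", device_compliant=False, app_is_managed=True),
]

if __name__ == "__main__":
    for req in REQUESTS:
        decision, reason = conditional_access(req)
        print(f"{req.user} via {req.app}: {decision} ({reason})")
    for action, src, dst in [("paste", "Outlook", "Teams"), ("paste", "Outlook", "Notes"),
                             ("save", "Outlook", "OneDrive"), ("save", "Outlook", "Dropbox")]:
        print(f"{action} {src} -> {dst}: {'allowed' if data_transfer_allowed(POLICY, action, src, dst) else 'blocked'}")
```

The two checks are deliberately separate: Conditional Access decides whether the app gets the data at all, while the app protection policy decides what a managed app may do with the data once it has it, which is why a compliant device alone is not enough if the request comes from an unmanaged mail client.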

How can Microsoft Intune help my business?


After all of these steps were complete, we used Intune to work with our test users and their devices to ensure they were able to complete their daily work, while also following all security guidelines we put in place.

Once testing was complete, Intune enabled us to push these fully vetted policies out to every connected client device.

Now, we are able to monitor, report on, and update any policy needed.

Microsoft Intune allows IT service providers like us to manage company policies across all registered devices on any network in the world, while also giving companies constant, up-to-the-minute monitoring and tracking reports.



The amount of work required for this setup is not to be underestimated.

Without the assistance of an IT service provider, any misstep along the way could have resulted in security holes for our client that might bring major fines due to regulatory compliance standards.

We believe this client made the smartest decision possible with such a daunting mission ahead of them.

The client invested up front, made sure to meet all necessary security compliance standards, and now has peace of mind knowing that all of their devices and end users are covered no matter where in the world they are working from.


If you’re interested in learning more about how we protect healthcare client data, click below to read our case study on how migrating to the cloud helped this healthcare company achieve and maintain HIPAA compliance:
