How Mobile Device Management (MDM) Keeps Remote Data Safe
By Frank D'Silva on Jul 14, 2020


Businesses in every industry are still reeling from the quick adjustments to the “new normal” of remote work, and one of the top concerns is cyber security. How can organizations keep track of and manage mobile devices that are accessing their network from so many different locations?

How To Keep Data Safe With MDM

We recently were working with a client in the healthcare industry who brought us this very concern. They had a large number of mobile devices that employees were using to access very sensitive data, and top of mind was HIPAA compliance.

This large organization needed a Mobile Device Management (MDM) solution that would allow easy BYOD policy distribution, remote control of their data, and data storage enforcement.


What is MDM?


MDM has become a necessity for so many in 2020. Data is being accessed from so many personal devices that businesses have little control over.

MDM strategies, when implemented with an experienced IT service provider, can allow remote management of both the data being accessed and the hardware accessing that data.

For this particular case, after thoughtful and strategic IT planning, the client chose to go with the perfect combination of MDM, BYOD, and service provider experience. 


Introducing Microsoft Intune MDM and MAM Solution


One interesting caveat to this situation is that the client had roughly 50 iPads that had no specific user assigned to them. They were simply used on an as-needed basis by anyone in the company. This is common for many businesses in the healthcare industry. Devices are needed for field operations with no specific user attached to them.

We found this problem could be solved by simply licensing each device with a Microsoft Intune standalone license. Combining this with Microsoft Enterprise Mobility and Security E3 Suite licensing for each individual user would enable a robust and more secure device management plan.

As for the rest of the solution, we were able to conduct each of the following steps without issue.


Step 1: Conduct Initial Planning and Design Session with Client

The initial planning and design phase required hours of documentation, including listing individuals in the organization who required Microsoft EMS E3 licensing. This would provide cloud security for the users on all of their devices using Microsoft 365.

After documenting the iOS and Android devices used by all employees in the company and setting up a remote wipe policy in case of device theft, five users and two of the 50 iPads were chosen as pilot test users.

These five users were in constant contact with our engineer to ensure a smooth and enjoyable experience for those who were set up later, once the test phase was complete.


Step 2: Configure Intune Settings for Entire Organization

Microsoft Intune provides an amazing mobile device management platform. Working with an IT service provider ensures that a fully-staffed team is working with the software 24/7 to keep cloud-enabled mobile devices safe.

Setting up Intune can be a daunting task, but our team was able to configure the organization’s Azure account to allow Intune configuration capabilities.

After enabling ground policies, setting up Intune as the MDM authority across all iOS and Android devices, and inputting all Terms and Conditions text required for HIPAA compliance, we were in business!


Step 3: Configure MDM Policies

How to Set Up an MDM Policy

Of all the steps in the on-boarding process, configuring the MDM policy may have been the most crucial. This included:


  • Requiring minimum operating system versions
  • Blocking jailbroken devices
  • Requiring a PIN/passcode that met the client’s minimum complexity requirements
  • Prohibiting screen recording or screen capture
  • Enabling Activation Lock, making it harder for a lost or stolen device to be reactivated
  • Pushing Outlook, OneDrive, and Teams mobile apps to all devices, and configuring Office 365 settings for each


When combined, all of these steps ensured that every device used to access company data would meet the minimum security requirements. After all, a secure network is only as strong as its weakest device!

Step 4: Configure MAM and Conditional Access Policies

Where MDM takes care of the devices, Mobile Application Management (MAM) takes care of the applications! This step included:


  • Restricting corporate data by restricting unmanaged mobile apps.
  • Preventing copy/paste abilities in corporate email.
  • Preventing data in corporate emails and attachments from being saved to unmanaged apps.
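
An added example, not part of the original case study or the provider's tooling: a Python check that compares exported iOS policy JSON against the settings listed in Steps 3 and 4 and reports every gap. It assumes the policies were exported as Microsoft Graph objects (`iosCompliancePolicy`, `iosGeneralDeviceConfiguration`, `iosManagedAppProtection`); the minimum OS version, the PIN length and the sample export are constructed, since the article does not give the client's values.

```python
import json

# Assumed thresholds: the article gives no minimum OS version or PIN length.
MIN_OS, MIN_PIN = "13.0", 6

def ver(v):
    """Turn '13.4.1' into (13, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))

# (Graph resource type, property, predicate the exported value must satisfy)
BASELINE = [
    ("iosCompliancePolicy", "osMinimumVersion", lambda v: ver(v) >= ver(MIN_OS)),
    ("iosCompliancePolicy", "securityBlockJailbrokenDevices", lambda v: v is True),
    ("iosCompliancePolicy", "passcodeRequired", lambda v: v is True),
    ("iosCompliancePolicy", "passcodeMinimumLength", lambda v: v >= MIN_PIN),
    ("iosGeneralDeviceConfiguration", "screenCaptureBlocked", lambda v: v is True),
    ("iosGeneralDeviceConfiguration", "activationLockAllowWhenSupervised",
     lambda v: v is True),
    # Assumption: any level other than "allApps" counts as restricting copy/paste.
    ("iosManagedAppProtection", "allowedOutboundClipboardSharingLevel",
     lambda v: v in ("managedApps", "managedAppsWithPasteIn", "blocked")),
    ("iosManagedAppProtection", "allowedOutboundDataTransferDestinations",
     lambda v: v in ("managedApps", "none")),
    ("iosManagedAppProtection", "saveAsBlocked", lambda v: v is True),
]

# Constructed sample export (not from a real tenant), with deliberate gaps.
SAMPLE_EXPORT = json.loads("""[
  {"@odata.type": "#microsoft.graph.iosCompliancePolicy",
   "osMinimumVersion": "12.4", "securityBlockJailbrokenDevices": true,
   "passcodeRequired": true, "passcodeMinimumLength": 4},
  {"@odata.type": "#microsoft.graph.iosGeneralDeviceConfiguration",
   "screenCaptureBlocked": false, "activationLockAllowWhenSupervised": true},
  {"@odata.type": "#microsoft.graph.iosManagedAppProtection",
   "allowedOutboundClipboardSharingLevel": "allApps",
   "allowedOutboundDataTransferDestinations": "managedApps"}
]""")

def audit(policies):
    """Return (type, property, actual) for every baseline setting not met."""
    by_type = {p["@odata.type"].rsplit(".", 1)[-1]: p for p in policies}
    findings = []
    for ptype, prop, ok in BASELINE:
        value = by_type.get(ptype, {}).get(prop)  # missing policy or key -> None
        if value is None or not ok(value):
            findings.append((ptype, prop, value))
    return findings

if __name__ == "__main__":
    for ptype, prop, value in audit(SAMPLE_EXPORT):
        print(f"GAP {ptype}.{prop} = {value!r}")
```

A setting that is absent from the export is reported as a gap with the value `None`, so a policy that was never created fails the audit rather than passing silently.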

How can Microsoft Intune help my business?

After all of these steps were complete, we used Intune to work with our five test users and their devices to ensure they were able to complete their daily work while also following all security guidelines we put in place.

Once testing was complete, Intune enabled us to push these fully vetted policies out to every connected client device. Now, we are able to monitor, report on, and update any policy needed.

Microsoft Intune allows IT service providers like us to manage company policies across all registered devices on any network in the world, while also allowing companies to receive constant, up-to-the-minute monitoring and tracking reports!




The amount of work required for this setup was enormous, and without the assistance of an IT service provider, any misstep along the way could have resulted in security holes for our client that might bring major fines due to regulatory compliance standards.

We believe this client made the smartest decision possible with such a daunting mission ahead of them. The client invested up front, made sure to meet all necessary security compliance standards, and now they have peace of mind knowing that all of their devices and end users are covered no matter where in the world they are working from!

