Get your Mam to protect Skype for Business

Looking at the public data that’s available, we can see a shift between Vmware AirWatch to Microsoft Enterprise Mobility Suite for new customers. This is because Microsoft has some features that you won’t find with other Mobile Device Management solutions....

EMSvsAirwatch

Skype for Business is a huge business tool for both inside Microsoft and for thousands of our customers in the UK. Customers that we speak to want to ensure its users are empower and to leverage different devices however they're concerned about the security of these devices. Recently I’ve been speaking with number of police forces wanting to provide Enterprise Voice via Skype for Business to its officers, however see the freedom of allowing anyone to use any device, even personal ones, being a major blocker!

PicMAMOffice

 

During the recent update to Skype for Business client we've started to incorporate security and protection as part of the Enterprise Mobility Suite, similar to Outlook, OneDrive, OneNote etc; Features such as: Conditional Access and Data Loss Protection.

This solution is designed to only allow applications that are managed and compliant with company policy to be able to connect. You now have the option to use a non-managed device, but automatically enrol the app (detected from the corporate logon credentials) so that both the app and the data is protected.

 

Devices that are already enrolled will be presented with a PIN to logon into the Skype for Business app (separate to the PIN logon to the device, providing an extra/separate layer). Because the Mobile Application Management (MAM) is configured by groups or user, it means that the protection will now follow them and not the device.

It means that data that resides within the Skype for Business app can’t be copied/pasted into a normal consumer app such as Hotmail. Let’s have a look at just some of the policy settings we can configure: https://docs.microsoft.com/en-gb/intune/deploy-use/protect-app-data-using-mobile-app-management-policies-with-microsoft-intune Intune_settingsSfBApp_In_Intune

 

Encrypt your company data:  You'll notice that in the polices there's an option to encrypt the data within the application:

App_Encryption

Alright then, We've setup the polices and added our users. What does it look like to them?

When you use the device and open an application that is controlled by the MAM, the user will be automatically promoted that it's a corporately controlled app and to set a logon PIN. All this without IT or the user to secure the device manually. Screenshot_20160601-114020Screenshot_20160601-113934

See MAM in action with Dilip Radhakrishnan and Simon May : https://www.youtube.com/watch?v=XBMJZnUMpx8

Next Steps:

Try Mobile Application Management today at: http://Aka.ms/tryEms

More information

For more information about mobile application management, the supported apps and even more, please refer to: