Wandera Mobile Threat Defense connector with Intune

Control mobile device access to corporate resources using conditional access based on risk assessment conducted by Wandera. Wandera is a Mobile Threat Defense (MTD) solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices by the Wandera service, including:

  • Operating system vulnerabilities
  • Malicious apps installed
  • Malicious network profiles
  • Cryptojacking

You can configure conditional access policies that are based on Wandera's risk assessment, enabled through Intune device compliance policies. A risk assessment policy can allow or block noncompliant devices from accessing corporate resources based on detected threats.

How do Intune and Wandera Mobile Threat Defense help protect your company resources?

Wandera's mobile app installs seamlessly using Microsoft Intune. This app captures file system, network stack, and device and application telemetry (where available). This information synchronizes to the Wandera cloud service to assess the device's risk for mobile threats. These risk level classifications are configurable to suit your needs in the Wandera console, RADAR.

The compliance policy in Intune includes a rule for MTD based on Wandera's risk assessment. When this rule is enabled, Intune evaluates device compliance with the policy that you enabled.

For devices that are noncompliant, access to resources like Microsoft 365 can be blocked. Users on blocked devices receive guidance from the Wandera app to resolve the issue and regain access.

Wandera updates Intune with each device's latest threat level (Secure, Low, Medium, or High) whenever it changes. This threat level is continuously recalculated by the Wandera Security Cloud and is based on device state, network activity, and numerous mobile threat intelligence feeds across various threat categories.

These categories and their associated threat levels are configurable in Wandera's RADAR console, so the total calculated threat level for each device can be tailored to your organization's security requirements. With the threat level in hand, there are two Intune policy types that use this information to manage access to corporate data:

  • Using Device Compliance Policies with Conditional Access, administrators set policies to automatically mark a managed device as "out of compliance" based on the Wandera-reported threat level. This compliance flag subsequently drives Conditional Access Policies to allow or deny access to applications that use modern authentication. See Create Mobile Threat Defense (MTD) device compliance policy with Intune for configuration details.

  • Using App Protection Policies with Conditional Launch, administrators can set policies that are enforced at the native app level (for example, Android and iOS/iPadOS apps such as Outlook and OneDrive) based on the Wandera-reported threat level. These policies may also be used with unmanaged devices (MAM-WE) to provide uniform policy across all device platforms and ownership modes. See Create Mobile Threat Defense app protection policy with Intune for configuration details.
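The following is an added illustrative model of how the two policy types consume a reported threat level; it is not Intune's or Wandera's code and calls no Microsoft or Wandera API. The ordering Secure < Low < Medium < High is taken from the page; the admin thresholds, the action names, and the device reports are constructed assumptions. The one behavior worth noting beyond the prose is how an unparsable threat level is handled: the model fails closed and treats such a device as noncompliant rather than silently treating it as Secure.

```python
"""Simplified model of Wandera threat level -> Intune policy outcome.
Added example for this page; not Intune or Wandera code. Thresholds,
action names and device records below are constructed assumptions."""
from dataclasses import dataclass
from enum import IntEnum


class ThreatLevel(IntEnum):
    """Ordered so that '<=' reads as 'no riskier than'."""
    SECURE = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


def parse_threat_level(value: str) -> ThreatLevel:
    """Map the textual level the MTD feed reports onto the enum.
    Unknown, empty or missing values raise so the caller can fail closed."""
    try:
        return ThreatLevel[value.strip().upper()]
    except (KeyError, AttributeError):
        raise ValueError(f"unrecognized threat level: {value!r}")


@dataclass(frozen=True)
class DeviceReport:
    device_id: str
    reported_level: str   # raw string as received from the MTD feed
    mdm_enrolled: bool    # False = unenrolled device covered only by MAM-WE


def compliance_state(report: DeviceReport, max_allowed: ThreatLevel) -> bool:
    """Device compliance policy MTD rule: compliant only when the reported
    level is at or below the admin-chosen maximum. An unparsable level is
    treated as noncompliant (fail closed) rather than as Secure."""
    try:
        return parse_threat_level(report.reported_level) <= max_allowed
    except ValueError:
        return False


def conditional_access(report: DeviceReport, max_allowed: ThreatLevel) -> str:
    """Conditional Access acts on the compliance flag, not on the threat
    level directly. Unenrolled devices have no compliance record, so this
    policy type alone cannot decide for them."""
    if not report.mdm_enrolled:
        return "no-compliance-record"
    return "grant" if compliance_state(report, max_allowed) else "block"


def conditional_launch(report: DeviceReport, max_allowed: ThreatLevel) -> str:
    """App protection (conditional launch) check enforced inside the managed
    app itself, so it applies to enrolled and unenrolled devices alike.
    Action names 'allow' / 'block-access' are assumed for this model."""
    try:
        level = parse_threat_level(report.reported_level)
    except ValueError:
        return "block-access"
    return "allow" if level <= max_allowed else "block-access"


def evaluate(report: DeviceReport,
             compliance_max: ThreatLevel = ThreatLevel.LOW,
             app_max: ThreatLevel = ThreatLevel.MEDIUM) -> dict:
    """Run both policy types against one report. The default thresholds
    (compliance tolerates up to Low, app protection up to Medium) are
    constructed examples of admin configuration, not product defaults."""
    return {
        "device": report.device_id,
        "compliant": compliance_state(report, compliance_max),
        "conditional_access": conditional_access(report, compliance_max),
        "conditional_launch": conditional_launch(report, app_max),
    }


# Constructed sample reports; the device ids are placeholders.
SAMPLE_REPORTS = [
    DeviceReport("dev-001", "Secure", mdm_enrolled=True),
    DeviceReport("dev-002", "High", mdm_enrolled=True),
    DeviceReport("dev-003", "Medium", mdm_enrolled=False),
    DeviceReport("dev-004", "", mdm_enrolled=True),   # malformed feed entry
]

if __name__ == "__main__":
    for r in SAMPLE_REPORTS:
        print(evaluate(r))
```

Running the block prints one outcome per device: the High device is marked noncompliant and blocked by both policy types, the unenrolled Medium device gets no Conditional Access decision but is still allowed by the app-level policy, and the malformed report is blocked everywhere.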

Supported platforms

The following platforms are supported for Wandera when enrolled in Intune:

  • Android 5.0 and later
  • iOS 10.2 and later

For more information about platforms and devices, see the Wandera website.

Prerequisites

  • Microsoft Intune subscription
  • Azure Active Directory
  • Wandera Mobile Threat Defense (formerly Wandera Secure)

For more information, see Wandera Mobile Security.

Sample scenarios

Here are common scenarios for using Wandera MTD with Intune.

Control access based on threats from malicious apps

When malicious apps such as malware are detected on devices, you can block devices from common tools until you can resolve the threat. Common blocks include:

  • Connecting to corporate e-mail
  • Syncing corporate files with the OneDrive for Work app
  • Accessing company apps

Block when malicious apps are detected:

[Image: conceptual diagram of malicious apps detected]

Access granted on remediation:

[Image: conceptual diagram of access granted after remediation]

Control access based on threat to network

Detect threats to your network such as man-in-the-middle attacks and protect access to Wi-Fi networks based on the device risk.

Block network access through Wi-Fi:

[Image: network access blocked through Wi-Fi]

Access granted on remediation:

[Image: access granted after remediation]

Control access to SharePoint Online based on threat to network

Detect threats to your network such as man-in-the-middle attacks, and prevent synchronization of corporate files based on the device risk.

Block SharePoint Online when network threats are detected:

[Image: SharePoint Online blocked when network threats are detected]

Access granted on remediation:

[Image: example of access granted to SharePoint after remediation]

Control access on unenrolled devices based on threats from malicious apps

When the Wandera Mobile Threat Defense solution considers a device to be infected:

[Image: app protection policy blocks access because malware was detected]

Access is granted on remediation:

[Image: app protection policy grants access after remediation]

Next steps