Check Point SandBlast Mobile Threat Defense connector with Intune

You can control mobile device access to corporate resources using conditional access based on risk assessment conducted by Check Point SandBlast Mobile, a mobile threat defense solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running the Check Point SandBlast Mobile app.

You can configure conditional access policies based on Check Point SandBlast Mobile risk assessment enabled through Intune device compliance policies, which you can use to allow or block non-compliant devices from accessing corporate resources based on detected threats.

How do Intune and Check Point SandBlast Mobile help protect your company resources?

The Check Point SandBlast Mobile app for Android and iOS captures file system, network stack, device and application telemetry where available, then sends the telemetry data to the Check Point SandBlast cloud service to assess the device's risk for mobile threats.

The Intune device compliance policy includes a rule for Check Point SandBlast Mobile Threat Defense, which is based on the Check Point SandBlast risk assessment. When this rule is enabled, Intune evaluates device compliance with the policy that you enabled. If the device is found non-compliant, users are blocked from accessing corporate resources like Exchange Online and SharePoint Online. Users also receive guidance from the Check Point SandBlast Mobile app installed on their devices to resolve the issue and regain access to corporate resources.
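Because access is blocked only when the Mobile Threat Defense rule is actually enabled in a compliance policy, it is worth auditing exported policies for that rule. The following is an added example, not code from this page or from Microsoft or Check Point: it checks a constructed sample shaped like a Microsoft Graph `deviceCompliancePolicies` response, and its treatment of `unavailable` and `notSet` as non-enforcing levels is an assumption of the example.

```python
import json

# Constructed sample shaped like a Microsoft Graph response from
# GET /deviceManagement/deviceCompliancePolicies (all values are illustrative).
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"@odata.type": "#microsoft.graph.androidCompliancePolicy",
   "displayName": "Android - MTD low",
   "deviceThreatProtectionEnabled": true,
   "deviceThreatProtectionRequiredSecurityLevel": "low"},
  {"@odata.type": "#microsoft.graph.iosCompliancePolicy",
   "displayName": "iOS - MTD off",
   "deviceThreatProtectionEnabled": false,
   "deviceThreatProtectionRequiredSecurityLevel": "unavailable"},
  {"@odata.type": "#microsoft.graph.androidCompliancePolicy",
   "displayName": "Android - any risk",
   "deviceThreatProtectionEnabled": true,
   "deviceThreatProtectionRequiredSecurityLevel": "high"},
  {"@odata.type": "#microsoft.graph.windows10CompliancePolicy",
   "displayName": "Windows baseline"}
]}
""")

# Policy types for the platforms this page covers (Android and iOS).
MOBILE_TYPES = {"#microsoft.graph.androidCompliancePolicy",
                "#microsoft.graph.androidWorkProfileCompliancePolicy",
                "#microsoft.graph.iosCompliancePolicy"}
# Levels at which the rule still constrains the device. "high" accepts every
# threat level; treating "unavailable"/"notSet" the same way is an assumption.
ENFORCING_LEVELS = {"secured", "low", "medium"}

def audit_mtd_rule(export):
    """Return (displayName, finding) for mobile policies whose MTD rule cannot block."""
    findings = []
    for policy in export.get("value", []):
        if policy.get("@odata.type") not in MOBILE_TYPES:
            continue  # other platforms are out of scope for this check
        name = policy.get("displayName", "<unnamed>")
        level = policy.get("deviceThreatProtectionRequiredSecurityLevel", "unavailable")
        if not policy.get("deviceThreatProtectionEnabled", False):
            findings.append((name, "MTD rule disabled"))
        elif level not in ENFORCING_LEVELS:
            findings.append((name, f"MTD level '{level}' does not restrict device risk"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_mtd_rule(SAMPLE_EXPORT):
        print(f"{name}: {finding}")
```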

Sample scenarios

Here are some common scenarios:

Control access based on threats from malicious apps

When malicious apps such as malware are detected on devices, you can block devices from the following until the threat is resolved:

  • Connecting to corporate e-mail

  • Syncing corporate files with the OneDrive for Work app

  • Accessing company apps

Block when malicious apps are detected:

[Figure: Check Point MTD block when malicious apps are detected]

Access granted on remediation:

[Figure: Check Point MTD access granted]

Control access based on threat to network

Detect threats such as man-in-the-middle attacks on the network, and protect access to Wi-Fi networks based on the device risk.

Block network access through Wi-Fi:

[Figure: Check Point MTD block network access through Wi-Fi]

Access granted on remediation:

[Figure: Check Point MTD Wi-Fi access granted]

Control access to SharePoint Online based on threat to network

Detect threats such as man-in-the-middle attacks on the network, and prevent synchronization of corporate files based on the device risk.

Block SharePoint Online when network threats are detected:

[Figure: Check Point MTD block SharePoint Online access]

Access granted on remediation:

[Figure: Check Point MTD SharePoint Online access granted]

Supported platforms

  • Android 4.1 and later

  • iOS 8 and later

Pre-requisites

  • Azure Active Directory Premium

  • Microsoft Intune subscription

  • Check Point SandBlast Mobile Threat Defense subscription

Next steps