Check Point SandBlast Mobile Threat Defense 連接器與 IntuneCheck Point SandBlast Mobile Threat Defense connector with Intune

您可以根據 Check Point SandBlast Mobile (一個整合了 Microsoft Intune 的行動威脅防禦解決方案) 進行的風險評估,使用條件式存取來控制行動裝置對公司資源的存取。You can control mobile device access to corporate resources using conditional access based on risk assessment conducted by Check Point SandBlast Mobile, a mobile threat defense solution that integrates with Microsoft Intune. 風險評估的依據是收集自執行 Check Point SandBlast Mobile 應用程式裝置的遙測。Risk is assessed based on telemetry collected from devices running the Check Point SandBlast Mobile app.

您可以根據透過 Intune 裝置相容性原則啟用的 Check Point SandBlast Mobile 風險評估,設定條件式存取原則。透過該原則,您可以根據偵測到的威脅來允許或封鎖不相容的裝置存取公司資源。You can configure conditional access policies based on Check Point SandBlast Mobile risk assessment enabled through Intune device compliance policies, which you can use to allow or block noncompliant devices to access corporate resources based on detected threats.

Intune 和 Check Point SandBlast Mobile 如何協助保護您的公司資源?How do Intune and Check Point SandBlast Mobile help protect your company resources?

適用於 Android 及 iOS 的 Check Point SandBlast Mobile 應用程式可擷取檔案系統、網路堆疊,裝置和應用程式遙測 (如果可用),然後將遙測資料傳送至 Check Point SandBlast Mobile 雲端服務,以評估裝置的行動威脅風險。Check Point Sandblast Mobile app for Android and iOS captures file system, network stack, device and application telemetry where available, then sends the telemetry data to the Check Point SandBlast cloud service to assess the device's risk for mobile threats.

Intune 裝置合規性原則包含以 Check Point SandBlast Mobile 風險評估為基礎的 Check Point SandBlast Mobile Threat Defense 規則。The Intune device compliance policy includes a rule for Check Point SandBlast Mobile Threat Defense, which is based on the Check Point SandBlast risk assessment. 啟用此規則時,Intune 會評估裝置是否符合您啟用的原則。When this rule is enabled, Intune evaluates device compliance with the policy that you enabled. 如果發現裝置不相容,則會封鎖使用者對 Exchange Online 和 SharePoint Online 這類公司資源的存取。If the device is found noncompliant, users are blocked access to corporate resources like Exchange Online and SharePoint Online. 使用者也會從 Check Point SandBlast Mobile 應用程式收到指導方針,以解決問題並重新取得公司資源的存取權。Users also receive guidance from the Check Point SandBlast mobile app installed in their devices to resolve the issue and regain access to corporate resources.

以下是一些常見的案例:Here are some common scenarios:

根據惡意應用程式的威脅來控制存取權Control access based on threats from malicious apps

在裝置上偵測到惡意應用程式 (例如惡意程式碼) 時,您可以封鎖裝置,直到解決威脅為止︰When malicious apps such as malware are detected on devices, you can block devices until the threat is resolved:

  • 連線到公司電子郵件Connecting to corporate e-mail

  • 使用 OneDrive for Work 應用程式來同步處理公司檔案Syncing corporate files with the OneDrive for Work app

  • 存取公司應用程式Accessing company apps

於偵測到惡意應用程式時進行封鎖:Block when malicious apps are detected:

Check Point MTD 於偵測到惡意應用程式時進行封鎖

修復後允許存取:Access granted on remediation:

Check Point MTD 授與存取權

根據網路威脅來控制存取權Control access based on threat to network

偵測網路中的「攔截式攻擊」等威脅,並根據裝置風險保護對 Wi-Fi 網路的存取。Detect threats like Man-in-the-middle in network, and protect access to Wi-Fi networks based on the device risk.

封鎖透過 Wi-Fi 的網路存取︰Block network access through Wi-Fi:

Check Point MTD 封鎖透過 Wi-Fi 的網路存取

修復後允許存取:Access granted on remediation:

Check Point MTD 授與 Wi-Fi 存取權

根據網路威脅來控制 SharePoint Online 的存取權Control access to SharePoint Online based on threat to network

偵測網路中的「攔截式攻擊」等威脅,並根據裝置風險防止對公司檔案進行同步處理。Detect threats like Man-in-the-middle in network, and prevent synchronization of corporate files based on the device risk.

偵測到網路威脅時封鎖 SharePoint Online:Block SharePoint Online when network threats are detected:

Check Point MTD 封鎖 SharePoint Online 存取

修復後允許存取:Access granted on remediation:

Check Point MTD 授與 SharePoint Online 存取權

支援的平台Supported platforms

  • Android 4.1 和更新版本Android 4.1 and later

  • iOS 8 和更新版本iOS 8 and later

必要條件Pre-requisites

  • Azure Active Directory PremiumAzure Active Directory Premium

  • Microsoft Intune 訂閱Microsoft Intune subscription

  • Check Point SandBlast Mobile Threat Defense 訂閱Check Point SandBlast Mobile Threat Defense subscription

接下來的步驟Next steps