Mobile Threat Defense 與 Intune 的整合是什麼?What is Mobile Threat Defense integration with Intune?

Intune Mobile Threat Defense 連接器可讓您以所選的 Mobile Threat Defense 廠商,作為合規性政策和條件式存取規則的資訊來源。Intune Mobile Threat Defense connectors allow you to leverage your chosen Mobile Threat Defense vendor as a source of information for your compliance policies and conditional access rules. 這可讓 IT 系統管理員對 Exchange 和 Sharepoint 這類公司資源增添一道保護,特別是防止來自遭盜用之行動裝置的威脅。This allows IT administrators to add a layer of protection to their corporate resources such as Exchange and Sharepoint, specifically from compromised mobile devices.

這會解決哪個問題?What problem does this solve?

公司必須保護機密資料免於遭受新興威脅 (包括實體、應用程式型和網路型威脅) 以及作業系統漏洞的攻擊。Companies need to protect sensitive data from emerging threats including physical, app-based, and network-based threats, as well as operating system vulnerabilities.

在過去,公司已經主動保護電腦免受攻擊,但行動裝置則不受監視且未受保護。Historically, companies have been proactive when protecting PCs from attack, while mobile devices go unmonitored and unprotected. 行動平台具有應用程式隔離和經審核的消費者 App Store 這類內建保護,但這些平台仍然容易受到複雜的攻擊。Mobile platforms have built-in protection such as app isolation and vetted consumer app stores, but these platforms remain vulnerable to sophisticated attacks. 現在,多位員工使用裝置進行工作,而且需要存取機密資訊。Today, more employees use devices for work and need access to sensitive information. 裝置必須受到保護,以免受到更複雜的攻擊。Devices must be protected from increasingly sophisticated attacks.

Intune Mobile Threat Defense 連接器如何運作?How do the Intune Mobile Threat Defense connectors work?

連接器會透過在 Intune 與您選擇的 Mobile Threat Defense 廠商之間建立通訊通道來保護公司資源。The connector protects company resources by creating a channel of communication between Intune and your chosen Mobile Threat Defense vendor. Intune Mobile Threat Defense 合作夥伴提供直覺且易於部署行動裝置的應用程式,而行動裝置會主動掃描並分析威脅資訊以與 Intune 共用,來進行報告或強制執行。Intune Mobile Threat Defense partners offer intuitive, easy to deploy applications for mobile devices, which actively scan and analyze threat information to share with Intune, for either reporting or enforcement purposes.

例如,如果連線的 Mobile Threat Defense 應用程式會回報給 Mobile Threat Defense 廠商,而它在您網路上的電話目前連線至易受攔截式攻擊的網路,則這項資訊會與適當的風險層級 (低/中/高) 共用,並分類為適當的風險層級 (低/中/高);接著可以比較該層級與 Intune 中設定的允許風險層級,來判定危害裝置時是否應該撤銷所選擇特定資源的存取權。For example, if a connected Mobile Threat Defense app reports to the Mobile Threat Defense vendor that a phone on your network is currently connected to a network, which is vulnerable to Man in the Middle attacks, this information is shared with and categorized to an appropriate risk level (low/medium/high) – which can then be compared with your configured risk level allowances in Intune to determine if access to certain resources of your choice should be revoked while the device is compromised.

Intune 會收集哪些 Mobile Threat Defense 資料?What data does Intune collect for Mobile Threat Defense?

如果啟用,Intune 會從個人和公司擁有的裝置收集應用程式清查資訊,供 Mobile Threat Defense (MTD) 提供者擷取,例如 Lookout for Work。If enabled, Intune collects app inventory information from both personal and corporate-owned devices and makes it available for Mobile Threat Defense (MTD) providers to fetch, such as Lookout for Work. 您可以收集 iOS 裝置使用者的應用程式清查。You can collect an app inventory from the users of iOS devices.

此服務為選擇性;預設不會共用應用程式清查資訊。This service is opt-in; no app inventory information is shared by default. Intune 系統管理員必須在服務設定中啟用 iOS 裝置的應用程式同步,才能共用任何應用程式清查資訊。An Intune administrator must enable App Sync for iOS devices in the service settings before any app inventory information is shared.

應用程式清查App inventory
如果您啟用 iOS 裝置的應用程式同步,公司和個人擁有的 iOS 裝置清查都會傳送給您的 MTD 服務提供者。If you enable App Sync for iOS devices, inventories from both corporate and personally owned iOS devices are sent to your MTD service provider. 應用程式清查中的資料包括:Data in the app inventory includes:

  • 應用程式識別碼App ID
  • 應用程式版本App Version
  • 應用程式簡短版本App Short Version
  • 應用程式名稱App Name
  • 應用程式套件組合大小App Bundle Size
  • 應用程式動態大小App Dynamic Size
  • 應用程式是否已驗證Whether the app is validated or not
  • 應用程式是否受控Whether the app is managed or not

範例案例Sample scenarios

將裝置視為受到 Mobile Threat Defense 解決方案所感染時︰When a device is considered infected by the Mobile Threat Defense solution:

顯示 Mobile Threat Defense 受感染裝置的圖片

補救裝置時,會授與存取權︰Access is granted when the device is remediated:

顯示授與 Mobile Threat Defense 存取權的圖片


不支援搭配 Intune 使用多個 Mobile Threat Defense 供應商。Using multiple Mobile Threat Defense vendors with Intune is not supported. 如果您啟用多個 MTD 工具,系統會強制安裝所有 MTD 應用程式並掃描所有裝置是否有潛在威脅。Having multiple MTD tools enabled will force all MTD apps to be installed and scan across devices for threats.

Mobile Threat Defense 合作夥伴Mobile Threat Defense partners

了解如何使用下列項目,根據裝置、網路和應用程式風險來保護對公司資源的存取:Learn how to protect access to company resource based on device, network, and application risk with: