Symantec Endpoint Protection Mobile connector

You can control mobile device access to corporate resources using conditional access based on risk assessment conducted by Symantec Endpoint Protection Mobile (SEP Mobile), a mobile threat defense solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running SEP Mobile, including:

  • Physical defense

  • Network defense

  • Application defense

  • Vulnerabilities defense

You can enable SEP Mobile risk assessment through Intune device compliance policies, and then use conditional access policies to allow or block noncompliant device access to corporate resources based on detected threats.

How do Intune and SEP Mobile help protect your company resources?

The SEP Mobile app for Android or iOS captures file system, network stack, device, and application telemetry where available, then sends it to the Symantec cloud service to assess the device's risk for mobile threats.

The Intune device compliance policy includes a rule for SEP Mobile, which is based on the SEP Mobile risk assessment. When this rule is enabled, Intune evaluates device compliance with the policy that you enabled.

If the device is found noncompliant, access to resources like Exchange Online and SharePoint Online is blocked. Users on blocked devices receive guidance from the SEP Mobile app to resolve the issue and regain access to corporate resources.

Intune supports two modes of integration with SEP Mobile:

  • Basic setup, which is a read-only mode that allows SEP Mobile visibility for devices in Intune.

  • Full integration, which allows SEP Mobile to report device risk and security incident details to Intune.

Sample scenarios

Here are some common scenarios:

Control access based on threats from malicious apps

When malicious apps such as malware are detected on devices, you can block devices from the following until the threat is resolved:

  • Connecting to corporate e-mail

  • Syncing corporate files with the OneDrive for Work app

  • Accessing company apps

Block when malicious apps are detected:

[Figure: malicious apps detected]

Access granted on remediation:

[Figure: access granted on remediation after malicious apps are detected]

Control access based on threat to network

Detect network threats such as man-in-the-middle attacks, and protect access to Wi-Fi networks based on the device risk.

Block network access through Wi-Fi:

[Figure: block network access through Wi-Fi]

Access granted on remediation:

[Figure: access granted on remediation]

Control access to SharePoint Online based on threat to network

Detect network threats such as man-in-the-middle attacks, and prevent synchronization of corporate files based on the device risk.

Block SharePoint Online when network threats are detected:

[Figure: block SharePoint Online when network threats are detected]

Access granted on remediation:

[Figure: example of access granted on remediation for SharePoint]

Supported platforms

  • Android 4.1 and later

  • iOS 8 and later

Prerequisites

  • Azure Active Directory Premium

  • Microsoft Intune subscription

  • Symantec Endpoint Protection Mobile subscription

For more information, see the Symantec website.

Next steps

Here are the steps you need to complete to integrate Intune with SEP Mobile: