Wandera Mobile Threat Defense connector with Intune

Control mobile device access to corporate resources using conditional access based on risk assessment conducted by Wandera. Wandera is a Mobile Threat Defense (MTD) solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices by the Wandera service, including:

  • Operating system vulnerabilities
  • Malicious apps installed
  • Malicious network profiles
  • Cryptojacking

You can configure conditional access policies that are based on Wandera's risk assessment, enabled through Intune device compliance policies. A risk assessment policy can allow or block noncompliant devices from accessing corporate resources based on detected threats.

How do Intune and Wandera Mobile Threat Defense help protect your company resources?

Wandera's mobile app installs seamlessly using Microsoft Intune. The app captures file system, network stack, and device and application telemetry (where available). This information synchronizes to the Wandera cloud service to assess the device's risk from mobile threats. The risk level classifications are configurable to suit your needs in the Wandera console, RADAR.

The compliance policy in Intune includes a rule for MTD based on Wandera's risk assessment. When this rule is enabled, Intune evaluates device compliance against the policy that you enabled.

For devices that are noncompliant, access to resources like Microsoft 365 can be blocked. Users on blocked devices receive guidance from the Wandera app to resolve the issue and regain access.

Wandera updates Intune with each device's latest threat level (Secure, Low, Medium, or High) whenever it changes. This threat level is continuously recalculated by the Wandera Security Cloud and is based on device state, network activity, and numerous mobile threat intelligence feeds across various threat categories.

These categories and their associated threat levels are configurable in Wandera's RADAR console, so the total calculated threat level for each device can be customized to your organization's security requirements. With the threat level in hand, there are two Intune policy types that make use of this information to manage access to corporate data:

  • Using Device Compliance Policies with Conditional Access, administrators set policies to automatically mark a managed device as "out of compliance" based on the Wandera-reported threat level. This compliance flag subsequently drives Conditional Access Policies to allow or deny access to applications that use modern authentication. See Create Mobile Threat Defense (MTD) device compliance policy with Intune for configuration details.

  • Using App Protection Policies with Conditional Launch, administrators can set policies that are enforced at the native app level (for example, Android and iOS/iPadOS apps like Outlook, OneDrive, and so on) based on the Wandera-reported threat level. These policies may also be used with unmanaged devices (MAM-WE) to provide uniform policy across all device platforms and ownership modes. See Create Mobile Threat Defense app protection policy with Intune for configuration details.
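As an added example (not code from this page, Wandera, or Intune), the following Python models the chain described above: Wandera reports a threat level, the Intune MTD compliance rule ("device must be at or under the configured level") marks the device compliant or not, and conditional access allows or blocks. The Graph property names used in `compliance_policy_body` are assumed from the `iosCompliancePolicy` and `androidCompliancePolicy` resource types in Microsoft Graph; verify them against the current reference before use.

```python
from dataclasses import dataclass
from enum import IntEnum

class ThreatLevel(IntEnum):
    """Wandera threat levels, ordered from least to most severe."""
    SECURE = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3

def parse_threat_level(name: str) -> ThreatLevel:
    """Map a level name as Wandera reports it ("Secure", "Low", ...) to the enum."""
    return ThreatLevel[name.strip().upper()]

@dataclass(frozen=True)
class MtdComplianceRule:
    """Intune MTD rule: the device must be at or under max_allowed to stay compliant."""
    max_allowed: ThreatLevel

def decide_access(rule: MtdComplianceRule, reported: ThreatLevel) -> str:
    """The compliance flag drives the conditional access outcome."""
    return "allow" if reported <= rule.max_allowed else "block"

def replay_threat_updates(rule: MtdComplianceRule, updates: list[str]) -> list[tuple[str, str]]:
    """Replay Wandera threat-level updates for one device and return (level, decision)
    pairs: a detection flips access to block, remediation restores it."""
    return [(lvl.name.title(), decide_access(rule, lvl))
            for lvl in map(parse_threat_level, updates)]

# Graph enum values for deviceThreatProtectionRequiredSecurityLevel (assumed; note "secured").
_GRAPH_LEVEL = {ThreatLevel.SECURE: "secured", ThreatLevel.LOW: "low",
                ThreatLevel.MEDIUM: "medium", ThreatLevel.HIGH: "high"}

def compliance_policy_body(platform: str, rule: MtdComplianceRule) -> dict:
    """JSON body for an Intune compliance policy with the MTD rule enabled
    (property names assumed from Graph's iosCompliancePolicy/androidCompliancePolicy)."""
    odata = {"ios": "#microsoft.graph.iosCompliancePolicy",
             "android": "#microsoft.graph.androidCompliancePolicy"}[platform]
    return {"@odata.type": odata,
            "displayName": f"MTD - Wandera ({platform})",
            "deviceThreatProtectionEnabled": True,
            "deviceThreatProtectionRequiredSecurityLevel": _GRAPH_LEVEL[rule.max_allowed]}

# Constructed sample: clean device, malware detected (High), partial cleanup, clean again.
SAMPLE_UPDATES = ["Secure", "High", "Medium", "Secure"]
```

With a rule of "Low" the sample sequence yields allow, block, block, allow, which is the detect-then-remediate pattern shown in the sample scenarios below.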

Supported platforms

The following platforms are supported for Wandera when enrolled in Intune:

  • Android 5.0 and later
  • iOS 10.2 and later

For more information about supported platforms and devices, see the Wandera website.

Prerequisites

  • Microsoft Intune subscription
  • Azure Active Directory
  • Wandera Mobile Threat Defense (formerly Wandera Secure)

For more information, see Wandera Mobile Security.

Sample scenarios

Here are the common scenarios when using Wandera MTD with Intune.

Control access based on threats from malicious apps

When malicious apps such as malware are detected on devices, you can block devices from common tools until you can resolve the threat. Common blocks include:

  • Connecting to corporate e-mail
  • Syncing corporate files with the OneDrive for Work app
  • Accessing company apps

Block when malicious apps are detected:

Image: conceptual diagram of access being blocked when malicious apps are detected

Access granted on remediation:

Image: conceptual diagram of access being granted after remediation

Control access based on threat to network

Detect threats to your network such as man-in-the-middle attacks and protect access to Wi-Fi networks based on the device risk.

Block network access through Wi-Fi:

Image: network access through Wi-Fi blocked

Access granted on remediation:

Image: access granted after remediation

Control access to SharePoint Online based on threat to network

Detect threats to your network such as man-in-the-middle attacks, and prevent synchronization of corporate files based on the device risk.

Block SharePoint Online when network threats are detected:

Image: SharePoint Online blocked when network threats are detected

Access granted on remediation:

Image: example of access granted to SharePoint after remediation

Control access on unenrolled devices based on threats from malicious apps

When the Wandera Mobile Threat Defense solution considers a device to be infected:

Image: app protection policy blocks the device because malware was detected

Access is granted on remediation:

Image: access granted after remediation under the app protection policy

Next steps