Traditionally, securing a mobile endpoint has required a device manager. Device management gives IT administrators the control to manage and secure devices, but it isn’t always appropriate. Many organizations have BYOD policies, with employees using their personal devices for work purposes. In fact, even in 77% of organizations without a BYOD policy, employees still use their own devices. There may also be partner or contractor devices that are enrolled in their own device management platform and can’t be enrolled into another. How can corporate apps be protected without a device manager?

Introducing Conditional Launch, powered by integration between Wandera and Microsoft Endpoint Manager (formerly known as Intune), to protect data in corporate apps on unmanaged devices (MAM-WE). Conditional Launch policies can include security measures such as restricting the ability to copy and paste corporate data, enforcing data encryption on corporate apps, and even wiping corporate application data.

“We are now comfortable with having Microsoft 365 apps on BYOD devices. It’s not a problem anymore because with Wandera’s MAM-WE capabilities, we can protect sensitive corporate data without requiring device management.” – Cory Sheldon, Barratt Developments

How Conditional Launch works

conditional launch diagram

  1. Users can sign into corporate apps with their work credentials on their personal devices.
  2. Before users are granted access, Conditional Launch policies prompt the user to install Wandera on their device.
  3. The Wandera app installs seamlessly with users’ work credentials and begins assessing device telemetry. Risk factors are continuously evaluated in real-time.
  4. Telemetry is synthesised by Wandera Security Cloud to understand the overall risk posture of the device.
  5. Integration with Microsoft Endpoint Manager allows Wandera to share the device risk status, which can then be used to enforce Conditional Launch policies.
  6. When the risk level rises, user privileges can be restricted to prevent corporate data from being exposed to malicious parties.

Any app that has been integrated with the Intune SDK or wrapped by the Intune App Wrapping Tool can be managed using MAM-WE app protection policies.

To learn more, you can read about how Wandera protects corporate data on unmanaged devices and how integration with the Microsoft suite elevates business security posture. If you are ready for more connected, secure business please get in touch with one of our experts.