The Project

B+M needed a solution that guaranteed their devices complied with stringent security & compliance requirements.

They had replaced 90 company handsets and chose to configure Microsoft Intune to automatically deploy company configuration policies and applications to each device straight out of the box.

Intune is a fully-featured solution for mobile device management (MDM) and mobile application management (MAM) and was selected because:

• It supports all major operating systems. Though the project focussed on Apple iOS devices, Intune allowed B+M to support personally owned handsets..
• It integrates well with other Microsoft products B+M already use and third-party systems such as Apple Business.
• It was included in B+M’s existing Microsoft 365 licenses and required no on-premises infrastructure, minimising cost.

The Solution

Quorum conducted a full review and update of the mobile device and application management policies deployed to B+M’s mobile devices to support the following scenarios:

• Personally owned Android and iOS devices (BYOD).
• Mobile application management (MAM) only.
• Corporate-owned iOS devices for business use only (COBO).
• Mobile application management (MAM) and mobile device management (MDM).

BYOD devices were secured with mobile application management (MAM) only, whereas corporate-owned devices had both MAM and mobile device management (MDM) applied.

Mobile Application Management (MAM)

Quorum configured MAM policies to secure B+M’s data at the application level. These policies keep company data in an encrypted “bubble” on devices and restrict the transfer of information in and out. Company data is kept and managed independently of personal data, making MAM an ideal solution for personal/BYOD devices.

The MAM policies set up by Quorum block access from devices that do not meet the business’ compliance standards (e.g., jailbroken/rooted devices).

Following best practice, Quorum also applied slightly less restrictive MAM policies on corporate-owned devices, even though the devices themselves were secured with MDM. This layered approach to security further improved B+M’s security posture as data would still be protected even if the device were to be breached.

Mobile Device Management (MDM)

B+M’s primary focus was MDM for their corporate-owned devices. Quorum configured Intune MDM for:

• Automatic installation of core business applications.
• Deployment and protection of company email accounts.
• Updated device security controls to protect company data.
• Blocking of unnecessary consumer-focused features (e.g., Apple Game Centre).
• Evaluation of all devices against company compliance requirements.

Further to the full review and implementation of MDM, Quorum also configured Apple Business for B+M to:

• Register all company mobile devices with the company, ensuring Apple’s Activation Lock feature never locked them out.
• Integrate & synchronise with Microsoft Intune.
• Enforce automatic enrolment of new devices in Intune MDM without the need for any manual setup by IT staff, speeding up the process for deploying/redeploying devices to end users.
• Provide additional controls over device features by “Supervising” iOS devices, allowing for further customisation to meet B+M’s security needs and improve user experience.
• Streamline application deployment by taking advantage of the Volume Purchase Programme (VPP) to allow apps to be automatically installed without the need for a linked Apple ID.