Conditional Access for Mobile Device Management

In today's mobile-centric work environment, ensuring that only authorized and compliant devices access corporate resources is paramount. While Microsoft's Conditional Access, integrated with Intune, offers robust security, it often necessitates premium licensing, which can be cost-prohibitive for many organizations. InstaSafe, in collaboration with third-party Mobile Device Management (MDM) solutions, presents a cost-effective alternative, enabling seamless conditional access to Office 365 (O365) and other business applications.
Understanding Conditional Access
Conditional Access is a security approach that controls who can use and access your organization's resources based on several conditions. It evaluates signals like user identity, device compliance, location, and application usage to make informed decisions about granting or denying access. This ensures that only trusted users on compliant devices can access sensitive data, thereby bolstering organizational security.
InstaSafe's Solution: Conditional Access with Third-Party MDMs
InstaSafe offers a versatile and affordable alternative by integrating its Zero Trust Network Access (ZTNA) solution with various third-party MDM platforms. This integration facilitates conditional access without the need for expensive Microsoft licenses, providing organizations with greater flexibility and cost savings.
How InstaSafe Integrates with MDM for Conditional Access
The InstaSafe mobile app (mZTNA), available for Android and iOS, integrates seamlessly with MDM solutions to enforce conditional access policies. This integration ensures that only devices meeting specific compliance criteria—such as security configurations, OS versions, and device posture—can access corporate applications, including O365 and other SAML-supported web applications.
The InstaSafe platform has a suite of built-in solutions that includes ZTNA, MFA, SSO, Device Binding, and Device Posture Check, along with various endpoint control features. Combined, these solutions can provide seamless conditional access for applications with better security controls.
The InstaSafe controller offers seamless integration with Azure AD and can act as an identity provider. Using SAML authentication, InstaSafe can provide access to O365 Single Sign On. The InstaSafe ZTNA agent installed on desktop or mobile devices can extend control to device security posture checks and determine which devices can access applications and which cannot. Using device control features, InstaSafe can control managed and unmanaged devices. Only managed and compliant devices are allowed to access applications.
The InstaSafe agent performs the following contextual access checks:
- Device Binding check: validates that the application access request is from a known, approved device.
- Device Compliance check: validates that the device posture is compliant with organizational policies.
- Geolocation check: validates that the user request is from a known geographical location.
If the above contextual access checks are successful, the InstaSafe agent connects and the user can access the Microsoft Office 365 suite of applications.
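The three contextual checks above can be modelled as a single fail-closed decision. The following is an added example, not InstaSafe's code: the `Policy` and `Request` types, the MDM report fields, and the 24-hour freshness window are all hypothetical. It shows why a missing or stale MDM record should deny access rather than pass by default.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Hypothetical policy model; field names and thresholds are assumptions.
MAX_REPORT_AGE = timedelta(hours=24)  # how old an MDM compliance report may be

@dataclass(frozen=True)
class Policy:
    bound_devices: frozenset      # approved (user, device_id) pairs
    min_os: tuple                 # minimum OS version, e.g. (13, 0)
    allowed_countries: frozenset  # ISO country codes users may connect from

@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    country: Optional[str]        # None when the location cannot be resolved
    mdm_report: Optional[dict]    # latest MDM record; None for unmanaged devices

def evaluate(req: Request, policy: Policy, now: datetime):
    """Run all three checks; return (allowed, reasons). Missing data denies."""
    reasons = []
    if (req.user, req.device_id) not in policy.bound_devices:
        reasons.append("binding: device not approved for this user")
    rep = req.mdm_report
    if rep is None:
        reasons.append("compliance: no MDM record (unmanaged device)")
    else:
        if now - rep["reported_at"] > MAX_REPORT_AGE:
            reasons.append("compliance: MDM report is stale")
        if not rep.get("compliant", False):
            reasons.append("compliance: MDM marks device non-compliant")
        os_version = tuple(int(p) for p in rep["os_version"].split("."))
        if os_version < policy.min_os:
            reasons.append("compliance: OS below minimum version")
    if req.country not in policy.allowed_countries:
        reasons.append("geolocation: request from unknown location")
    return (not reasons, reasons)

# Constructed sample data.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
POLICY = Policy(frozenset({("alice", "dev-01")}), (13, 0), frozenset({"IN", "US"}))
FRESH = {"compliant": True, "os_version": "14.2", "reported_at": NOW - timedelta(hours=1)}
STALE = {"compliant": True, "os_version": "12.1", "reported_at": NOW - timedelta(days=3)}

if __name__ == "__main__":
    for r in (Request("alice", "dev-01", "IN", FRESH),
              Request("alice", "dev-01", None, STALE),
              Request("alice", "dev-99", "US", None)):
        print(r.user, r.device_id, evaluate(r, POLICY, NOW))
```

Every check runs even after the first failure, so the denial record lists all the reasons a device was refused.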
Implementing Conditional Access with InstaSafe and MDM
To deploy conditional access using InstaSafe in conjunction with an MDM solution, organizations can follow these general steps:
- MDM Integration: Enroll devices into the chosen MDM platform and configure compliance policies that align with organizational security requirements.
- InstaSafe Deployment: Install and configure the InstaSafe mZTNA app on managed devices.
- Policy Enforcement: Define conditional access policies within InstaSafe that reference device compliance status as reported by the MDM.
- Access Control: Ensure that only devices meeting compliance criteria can access specified corporate applications, including O365 and other business apps.
Benefits of Using InstaSafe with Third-Party MDM Solutions
- Cost Efficiency: By leveraging existing MDM solutions, organizations can avoid the additional costs associated with premium Microsoft licenses required for advanced conditional access features.
- Flexibility: InstaSafe's compatibility with various MDM platforms allows organizations to choose solutions that best fit their specific needs, rather than being confined to a single vendor's ecosystem.
- Enhanced Security: The combined capabilities of InstaSafe and MDM solutions ensure that only authorized and compliant devices access corporate resources, mitigating potential security risks.
- Simplified Management: Administrators can define and enforce access policies centrally, streamlining the management of device compliance and access controls.
Value Proposition with Cost Analysis
- A Microsoft 365 Business Standard user needs to be upgraded to a Business Premium license. The Business Premium license additionally includes Conditional Access, Intune, and Microsoft Entra ID.
Source: https://www.microsoft.com/en-in/microsoft-365/business/compare-all-microsoft-365-business-products
- An Office 365 E1 user needs to be upgraded to an E3 license. The E3 license additionally includes conditional access, DLP, and RMS features.
Source: https://www.microsoft.com/en-us/microsoft-365/enterprise/office365-plans-and-pricing
On average, organizations need to pay an additional amount of around $150 per annum to enable conditional access using Microsoft products.
InstaSafe offers much more affordable conditional access than the Microsoft licensing cost.
InstaSafe Integrations
InstaSafe also works with various MDM solution providers such as SOTI, Scalefusion, and SafeSquid to provide conditional access for mobile devices.
InstaSafe provides conditional access for various email clients such as ICEWARP, ZOHO, and Zimbra, as well as various other third-party tools.