If the way your team members access work resources from their smartphones keeps you up at night, we’ve got good news: Microsoft and Samsung are teaming up to give a massive security boost to the smartphones people use at work.
But of course there’s a catch: you have to use the right phones.
Here’s what you need to know about this smarter way to secure your company’s data and digital assets.
The Breakthrough: On-Device Attestation
We won’t get too technical here, don’t worry— but the technology breakthrough underlying this change is something called on-device attestation. We’ve talked about passkeys and other advanced authentication methods before, and this is sort of like those, only even more intense.
Basically, with on-device attestation, companies can see more deeply into the software and firmware on a phone to identify possible compromises, hacks, or other threats.
There are other attestation tools out there, but they all require network access or cloud access, which makes them a bit riskier. It’s possible in theory for the bad guys to find a way to block that cloud access and interfere with network-based attestation.
This new approach from Microsoft and Samsung can’t be bypassed, period.
This all sounds pretty great for you as a business leader. But there’s a catch here, and it’s a big one.
The Catch: Limited to Select Samsung Devices
To use this new feature, you’ll need to use the right devices. And that could be a hard sell if people are bringing their own.
Specifically, this new tech is limited to select Galaxy branded smartphones and tables — if your device says it’s “secured by Knox” you know you’re good to go.
So that means all your die-hard iPhone users are left out in the cold. So is anyone with a lower-tier Android device (or even a high-end one from a maker that isn’t Samsung).
In reality this feature makes the most sense for companies that are issuing their workers smartphones, since it’s feasible to control which devices are in use.
Timeframe for Release
This on-device attestation collaboration between Microsoft and Samsung isn’t available quite yet, but it will be soon.
Microsoft is planning to roll out the feature alongside an upcoming version release of Microsoft Intune, its endpoint management service that works with both corporate devices and BYOD (bring your own device, where employees use personal devices to access work resources).
It’s not completely clear on whether the tech will be limited to Intune customers, but it’s worth investigating once the release hits (if you’re using the right Samsung devices, that is).
Endpoint Management the Real Star of the Show
Endpoint management is a good idea no matter what brand of devices your people are using. This technology allows your organization (or your managed IT services partner) to have remote control over the devices you issue to employees. You can push security updates remotely and automatically, limit the apps and functions team members can use, and more.
And with unified endpoint management (like Microsoft Intune, among others), you’ll also gain a lesser degree of control over BYOD devices your people use to access your resources. You won’t be able to lock down those devices like you can work devices, but you can put in place limits and verification requirements that keep your resources safe.
Blue Ridge Technology Is Here for You
Choosing unified endpoint management is a no-brainer. But setting it up and maintaining this kind of system in-house can be a lot to handle, especially for small businesses that don’t have a robust in-house IT department.
That’s where Blue Ridge Tech comes in: we’ll partner with you to set up, configure, and maintain a system like this so that you stay protected — and your people retain access to the data and information they need to do their work.