051: Mobile Threat Defense

Overview

Mobile Threat Defense (MTD) integration with Microsoft Intune allows you to enhance security for mobile devices. Here's how it works:

1. Purpose:

   • Intune integrates data from third-party MTD vendors as an information source for device compliance policies and Conditional Access rules.
   • This integration helps protect corporate resources (such as Exchange and SharePoint) by blocking access from compromised mobile devices.

2. How It Works:

   • Intune uses a Mobile Threat Defense connector to communicate with your chosen MTD vendor.
   • MTD partners offer easy-to-deploy applications for mobile devices that actively scan and analyze threat information.
   • The MTD app reports threat data to the vendor, which categorizes it as low, medium, or high risk.
   • Intune compares this risk level with your configured allowances.
   • Based on the comparison, access to specific resources can be revoked if the device is compromised.

3. Setting It Up:

   • Sign in to the Microsoft Intune admin center.
   • Go to Tenant administration > Connectors and tokens > Mobile Threat Defense.
   • To set up integration with an MTD vendor, you need to be a Microsoft Enterprise Global administrator or have the Endpoint Security Manager built-in admin role for Intune.

Mobile Threat Defense partners

Better Mobile

BlackBerry Protect Mobile

Check Point Harmony Mobile

CrowdStrike Falcon for Mobile

Jamf Mobile Threat Defense

Lookout for Work

Microsoft Defender for Endpoint

Pradeo

SentinelOne

Sophos Mobile

Symantec Endpoint Protection Mobile

Trellix Mobile Security

Trend Micro Mobile Security as a Service

Windows Security Center (Supports integration with Windows MAM)

Zimperium

Reference

• https://learn.microsoft.com/en-us/mem/intune/protect/mobile-threat-defense
• https://learn.microsoft.com/en-us/mem/intune/protect/mtd-connector-enable