124: Apps Delivery / App Compat
Overview
Use Intune to manage and update apps in your organization, and apply the principles of Zero Trust when defining an app management strategy:
- Assume Breach - Regularly monitor app behavior and security events. Assume that threats may already exist and proactively detect anomalies. Keep apps up-to-date with security patches to minimize vulnerabilities. Integrate threat intelligence feeds, like Microsoft Defender for Endpoint, to identify known malicious apps or behaviors.
- Verify Explicitly - Define policies for how apps are acquired, installed, and updated. Only download and install apps from trusted sources. Use a secure enterprise app catalog like Enterprise Application Management with Microsoft Intune.
- Use Least-Privilege Access - Allow only approved apps to run on managed devices. Limit who can install apps on devices or add new apps to Intune. Run users as standard users (without administrative rights) and consider Endpoint Privilege Management with Microsoft Intune to complete tasks that require elevated privileges.