...
Companies who have invested in MDM / EMM products such as MobileIron face challenges when deploying Unified Communication (UC) and Collaboration platforms such as Skype for Business, Microsoft Teams or Webex Teams. These apps can be freely obtained and installed on any personal device, outside of MobileIron’s the MDM control. This can open a back-door channel into the company’s network or cloud data. Accessing the UC platform from an unmanaged device, that might be Jail-broken or hacked can result in domain credential theft, data leakage, and malicious traffic entering the network.
SphereShield’s conditional access solution verifies that only devices that are aligned with the company’s security policy, as defined by MobileIronthe MDM, can access corporate data through UC clients such as Skype for Business, Webex Teams or MS Teams.
...
- Restrict access to UC services such as Webex, MS Teams, Skype for Business Online
- Built-in integration with MobileIron, XenMobile, MaaS360, Blackberry, and Workspace ONE (AirWatch).
- Verify that only managed devices can access UC cloud services
- Verify that device accessing UC service is compliant as defined in EMM vendor
- Visibility and control of all device access
- Two Factor Authentication to UC cloud services
- Risk engine integration and geo-fencing
- Risk engine integration to detect and block access when IP is detected as suspicions - for example too many failed logins attempts from a single IP or detecting password spraying attacks
- Risk engine integration detecting suspicious user behavior such as impossible traveler scenarios
...
When a user signs into their app, SphereShield requests the relevant service (such as O365 / Teams) send the client to authenticate through ADFS. ADFS is publihsed by Bastion with the CAF filter and allows SphereShield to request a client certificate from the device and only allows the user to proceed with signing in if the certificate matches specified criteria.
...