...
Companies who have invested in MDM / EMM products face challenges when deploying Unified Communication (UC) and Collaboration platforms such as Skype for Business, Microsoft Teams or Webex Teams. These apps can be freely obtained and installed on any personal device, outside of MobileIron’s the MDM control. This can open a back-door channel into the company’s network or cloud data. Accessing the UC platform from an unmanaged device, that might be Jail-broken or hacked can result in domain credential theft, data leakage, and malicious traffic entering the network.
SphereShield’s conditional access solution verifies that only devices that are aligned with the company’s security policy, as defined by MobileIronthe MDM, can access corporate data through UC clients such as Skype for Business, Webex Teams or MS Teams.
...
When a user signs into their app, SphereShield requests the relevant service (such as O365 / Teams) send the client to authenticate through ADFS. ADFS is publihsed by Bastion with the CAF filter and allows SphereShield to request a client certificate from the device and only allows the user to proceed with signing in if the certificate matches specified criteria.
...