You can control mobile device access to corporate resources using Conditional Access based on risk assessment conducted by Symantec Endpoint Protection Mobile (SEP Mobile), a mobile threat defense solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running SEP Mobile, including:
Physical defense
Network defense
Application defense
Vulnerabilities defense
You can enable SEP Mobile risk assessment through Intune device compliance policies, and then use Conditional Access policies to allow or block noncompliant device access to corporate resources based on detected threats.
SonicWall Mobile Connectâ„¢ provides users full network-level access to corporate and academic resources over encrypted SSL VPN connections. The client provides anytime, anywhere access to critical applications such as email, virtual desktop sessions and other Windows applications. Mobile Broadband Connect lies within System Utilities, more precisely Device Assistants. The most popular versions among Mobile Broadband Connect users are 3.5, 3.3 and 3.2. You can execute this free PC software on Windows XP/Vista/7/8/10 32-bit. The actual developer of the free program is Lenovo.
Note
This Mobile Threat Defense vendor is not supported for unenrolled devices.
Mobile Connector Network & Wireless Cards Drivers
Supported platforms
Android 4.1 and later
iOS 8 and later
Pre-requisites
Azure Active Directory Premium
Microsoft Intune subscription
Symantec Endpoint Protection Mobile subscription
For more information, check Symantec website.
How do Intune and SEP Mobile help protect your company resources?
SEP Mobile app for Android or iOS/iPadOS captures file system, network stack, device and application telemetry where available, then sends it to the Symantec cloud service to assess the device's risk for mobile threats.
The Intune device compliance policy includes a rule for SEP Mobile, which is based on the SEP Mobile risk assessment. When this rule is enabled, Intune evaluates device compliance with the policy that you enabled.
If the device is found noncompliant, access to resources like Exchange Online and SharePoint Online are blocked. Users on blocked devices receive guidance from the SEP Mobile app to resolve the issue and regain access to corporate resources.
Intune supports two modes of integration with SEP Mobile:
Basic setup which is a read only mode that allows SEP Mobile visibility for devices in Intune.
Full integration which allows SEP Mobile to report device risk and security incident details to Intune.
Sample scenarios
Mobile Connector Network & Wireless Cards Drivers
Here are some common scenarios:
Control access based on threats from malicious apps
When malicious apps such as malware are detected on devices, you can block devices until the threat is resolved:
Connecting to corporate e-mail
Syncing corporate files with the OneDrive for Work app
Accessing company apps
Block when malicious apps are detected:
Access granted on remediation:
Control access based on threat to network
Detect threats like Man-in-the-middle in network, and protect access to Wi-Fi networks based on the device risk.
Block network access through Wi-Fi:
Access granted on remediation:
Control access to SharePoint Online based on threat to network
Detect threats like Man-in-the-middle in network, and prevent synchronization of corporate files based on the device risk.
Block SharePoint Online when network threats are detected:
Access granted on remediation:
Control access on unenrolled devices based on threats from malicious apps
When the Symantec Endpoint Protection Mobile Threat Defense solution considers a device to be infected:
Access is granted on remediation:
Next steps
Here are the steps you need to complete to integrate Intune with SEP Mobile: