Educause Security Discussion mailing list archives

Re: Enterprise Mobility Management - Intune MDM and MAM


From: "Ladwig, John M" <John.Ladwig () MINNSTATE EDU>
Date: Tue, 1 May 2018 17:27:43 +0000

More re: IPv6 – DA may break if the client is attached to a dual-stack (IPv4 and IPv6) network and your head-end (or 
the path to it) isn’t.  DA client isn’t (or wasn’t, at least) smart enough to tunnel 6 in 4 if it has a 6 network 
locally.

MSFT is ending development on DA, I learned today, though it remains supported.  The new recommendation (which may not 
cover your use cases) is Always On VPN:

    https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/vpn-map-da


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nicholas 
Garigliano
Sent: Tuesday, May 01, 2018 12:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Enterprise Mobility Management - Intune MDM and MAM

Some things to think about with using Direct Access:

  *   It only supports IPv6.  If you are not running IPv6 internally then you will have to tunnel the traffic and I 
believe NAT it.  This will cause issues with IDS's, proxy servers, your Network Engineers etc.  You will need Engineers 
(desktop, system, network, firewall) who understand IPv6 in any event.
  *   If you want HA, then you have to run MS Network Clustering.  Enough said.
  *   You will have a monthly VPN outage (unless you want to assume the above is flawless) to patch.
  *   Linux, Droid, IOS, OSX support?
  *   Encryption is not done with ASICs, so you will want to monitor performance closely and be prepared to scale.

If VPN is not critical to your business and your customers do not depend on it to get their work done, then DA might 
make sense.  The price point is certainly a plus.

Nick Garigliano CISSP, GCIH, CCNA
Network Security Engineer
Enterprise & Network Solutions
Nazareth College
585 389-2109

On Tue, May 1, 2018 at 12:45 PM, John Ramsey <jramsey () studentclearinghouse org> wrote:
We are going through the process now and are happy to share when we’re complete later this summer.  We are also 
integrating Lookout as a mobile threat platform that feeds mobile threat intel back into Microsoft.  We’re taking 
MDM/MAM/MTP all in unison.

John

Sent from my iPad

On May 1, 2018, at 1:21 AM, Tim Lane <tim.lane () GRIFFITH EDU AU> wrote:

Hi Folks,

I am reaching out to see if anyone has developed and can share policies or guidelines associated with enterprise 
mobility management with Intune MDM and MAM, particularly around self enrollment, device compliance, conditional access 
and protection policies, from either a management or user perspective?

Thanks,

Tim


Tim Lane | Cyber Security Projects Manager
Cyber Security Team

Office of Digital Solutions
Griffith University | Nathan Campus | QLD 4111 | Building location N12 Room - 1.02J
T +61 7 3735 7838 | email tim.lane () griffith edu au

Cyber Security is Everyone's Responsibility!
https://www.griffith.edu.au/cybersecurity
