Better Together: VMware AirWatch Workspace ONE & Office 365

Better Together: VMware AirWatch Workspace ONE & Office 365

This post was originally published on this site ---

Consider this: when it comes to securing enterprise applications, you might not have the whole story. While you may have heard that you can adequately protect your network with an Office 365 application-only security framework, in truth this approach leaves applications vulnerable. Instead, use VMware Workspace ONE  which is flexible enough to provide administrative choice, yet comprehensive enough to secure the entire mobile endpoint. Keeping mobile endpoint secure enables Office 365 security rules to work effectively. Today’s post explores the pitfalls of taking an application-only security policy approach for Office 365, positioning Workspace ONE & Office 365 with Intune MAM as the best option for addressing these shortcomings.

The Office 365 application suite holds the overwhelming share of the enterprise application market. Securing these applications is arguably a key consideration for most IT administrators regardless of vertical or organization size. As a Microsoft product, security configurations for Office 365 require the Intune MAM SDK, which is available with the Intune license.

However, making Intune EMM a requirement for managing Office 365 doesn’t play well in today’s security market. It would be like saying “If you run Windows you can only use the Internet Explorer browser.” As a result, Microsoft opened up Office 365 management by creating a separate product called Intune MAM.

What does Intune MAM Do?

Intune Mobile Application Management (MAM) is an Azure portal application. Use it to configure the Intune software development kit (SDK) integrated into Microsoft Office 365 apps like Word and Excel. It has an open API (the Graph API) so VMware’s Workspace ONE can manage the security and deployment of these Intune MAM settings.

  • Provides Office 365 application-level features.
  • Allows you to opt out of Intune EMM.
  • Coexists with any EMM product.
  • Enables deployment of any applications using Intune MAM SDK.
  • Requires an Intune license.

Use the Intune MAM SDK to add control into applications without writing the security code yourself.  Available application-level features include:

  • Restricting the copying and pasting of corporate content into personal areas
  • Requiring a passcode for application access
  • Encrypting application data using a common framework with sharable data.
  • Allowing copying and pasting between select Intune SDK applications

Limitations of an Application-Only Security Framework

The application-level features provided by the Intune MAM SDK are helpful controls, but fall short as a comprehensive security solution. A security framework that applies security policies to key applications without securing mobile endpoints exposes itself to unnecessary risk.

Examples of risks include, but are not limited to:

  • Being unable to prevent someone from moving the application and its data because you don’t have control of the device
  • Being unable to protect the network traffic of the application from interception. EG. by using a per-app VPN
  • Being unable to protect the application from a rooted device thus allowing a hacker to look at your data while it’s in memory

Better Together: Workspace ONE & Office 365

VMware Workspace ONE is an enterprise mobility management (EMM) solution that unifies identity management and mobile endpoint security into a single application catalog experience. It provides the comprehensive, yet flexible solution demanded by today’s mobile landscape.

Use Workspace ONE to address the limitations of an application-only security framework, without sacrificing Office 365 application security controls. It’s easier than you might think. Simply integrate Office 365 with Intune MAM into your Workspace ONE endpoint management framework.

The advantages of choosing endpoint security framework with Workspace ONE include:

  • Comprehensive device protection – secure the entire endpoint
  • Robust application security – including, but not limited to Office 365
  • Simplified management – Manage endpoints and applications in an easy-to-use, integrated console.

Conditional Access

Workspace ONE enables true conditional access, meaning devices gain access to resources based on contextual factors like location and organizational role. Establishing trust based on context is a win-win scenario for administrators and end-users.

[Related:Unify & Simplify Access Control with VMware Workspace ONE]

For administrators, conditional access provides a level of granularity far superior to merely allowing or blocking device access based on MDM enrollment. For end-users, conditional access from a recognized context, reduces their access requirements. Simplifying their workflow and enabling productivity.

 Premium User Experience

Tiered access provides end users a seamless, award-winning experience that drives adoption. The end result is that IT can provide a consumer simple experience without sacrificing security and control.

Check out this overview that shows why Workspace ONE provides an award winning user experience.

Ease of Deployment

Our architecture is easy to understand and easy to deploy.  When you talk about keeping environments secure, complexity is the enemy of security. Workspace ONE is Consumer Simple, Enterprise Secure.

VMware Workspace ONE Architecture

VMware Workspace ONE Architecture

Getting started is easy. Request a Live Demonstration of Workspace ONE today!


Flexible Security

Workspace ONE’s flexibility enables choice. The choice to secure as much, or as little as your  risk profile demands. Enablement focused organizations benefit from implementing the adaptive management workflow, while security-focused organizations can elect to use advanced management capabilities.

Advanced Management Capabilities:

  • Run Workspace ONE services in an on-premise deployment
  • Use the VMware Tunnel application to provide transparent network access control for apps
  • Implement VMware Tunnel Appliance with per-app VPN for full network transit control
  • Select token based enrollment to prevent unauthorized devices from accessing to corporate resources

With Workspace ONE you can trust that your application level security, including Intune MAM, has protection from all the other threats that can exist on devices and on the network.

Learn More About VMware Workspace ONE

To learn more about Workspace ONE, check out the links below:

Because you liked this blog:


The post Better Together: VMware AirWatch Workspace ONE & Office 365 appeared first on VMware End-User Computing Blog.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.