Microsoft has announced a new strategic partnership with Samsung to enhance mobile security for business customers. The companies have unveiled a new mobile hardware-backed device attestation solution that works seamlessly on company-owned and personal Samsung Galaxy devices.
Device attestation is a security process used to verify the authenticity and integrity of a device before allowing it to access certain resources, networks, and services. It helps to ensure that the device is genuine, trusted, and has not been compromised. A trusted authority (such as a service or a remote server) performs a series of checks and validations to prove its identity and security posture.
For enterprises, the new solution lets organizations only allow authorized Samsung devices and applications to access sensitive corporate data. Intune MAM client responses are signed and encrypted to add a layer of protection against tampering and replay attacks.
According to Microsoft, a defense-grade mobile security platform (Samsung Knox) is already installed on Samsung Galaxy devices. The integration of the Samsung Knox device attestation API with Microsoft Intune app protection policies should boost security against cyberattacks.
“This is a breakthrough development for highly regulated organizations that want to enable employees to bring their own devices (BYOD) for work. It opens up opportunities for Galaxy smartphone users to use their preferred device securely and privately for both work and play – while still empowering them with the flexibility and versatility to optimize their productivity,” Microsoft explained.
Microsoft’s mobile device attestation supports managed and unmanaged Samsung Galaxy devices
Typically, device attestation only works on managed devices that are enrolled into the corporate network. This is because the process is server-based and needs network connectivity to operate. Microsoft says that its new device attestation solution supports both managed and unmanaged devices. It provides real-time protection even if the Samsung Galaxy device is disconnected from the enterprise network.
Microsoft plans to launch the new mobile device attestation for enterprise customers in August with the latest version of Microsoft Intune. It will only be supported on select Samsung Galaxy, such as “Secured by Knox” devices running Android 10 OS or later.