Microsoft has announced some important updates for Microsoft Endpoint Manager (MEM), the company’s on-premise and cloud-based security solution for enterprise customers. Microsoft Endpoint Manager will let IT admins enable secure VPN connections for unenrolled mobile devices via Microsoft Tunnel.
Microsoft Tunnel was initially announced in September 2020, and it’s a VPN gateway solution for Microsoft InTune. Specifically, it allows access to on-premises apps and resources from mobile devices using modern authentication and Conditional Access. This solution helps to ensure that iOS and Android enterprise devices are always secure and compliant with corporate policies.
With this new VPN feature, employees will be able to securely access privileged company resources on unenrolled mobile devices on the go. Microsoft says that this feature should bring an additional layer of security for end-users working in hybrid environments. However, it requires employees to use the Microsoft Edge mobile app.
“Our plan is to provide a solution that benefits both users and IT admins, allowing workers to remain productive on their devices of choice with secure access to on-premises apps and websites while retaining their privacy, as only traffic from specific work-related apps is being sent via their company’s network. IT can apply the protection policy on a per-app basis so corporate data is protected,” Microsoft explained in a blog post.
Microsoft claims that this new solution is unique because it provides strong authentication via Azure Active Directory (AAD). Moreover, it validates corporate identities through a VPN in Microsoft Edge. Finally, the solution leverages the company’s expertise in native mobile app protection policies. The firm plans to roll out this new capability as add-ons to various Microsoft 365 plans “over the next year.”
Microsoft has also announced a new cloud-powered solution dubbed “Remote Help” that integrates with Endpoint Manager. The new Remote Help tool, which is now generally available, enables helpdesks to connect to employee PCs securely.