Cisco Security and Microsoft Intune

How Microsoft inTune and Cisco Security work together

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You control how your organization’s devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications. For example, you can prevent emails from being sent to people outside your organization. Intune also allows people in your organization to use their personal devices for school or work. On personal devices, Intune helps make sure your organization's data stays protected and can isolate organization data from personal data.

Intune is part of Microsoft's Enterprise Mobility + Security (EMS) suite. Intune integrates with Azure Active Directory (Azure AD) to control who has access and what they can access. It also integrates with Azure Information Protection for data protection. It can be used with the Microsoft 365 suite of products. For example, you can deploy Microsoft Teams, OneNote, and other Microsoft 365 apps to devices. This feature enables people in your organization to be productive on all of their devices while keeping your organization’s information protected with the policies you create.

Product Integrations

  • Cisco XDR Automate: This integration can run the automations below.
  • Microsoft Intune - Wipe Device
    Microsoft Intune - Wipe Devices

  • Secure Firewall: https://blogs.cisco.com/security/cisco-secure-firewall-to-support-microsoft-azure-gateway-load-balancer Cisco Secure Firewall supports the Microsoft Azure Gateway Load Balancer. The Azure Gateway Load Balancer provides bump-in-the-wire functionality, ensuring Internet traffic to and from an Azure VM, such as an application server, is inspected by Secure Firewall, without requiring any routing changes. This is another example of how Secure Firewall drives efficiency at scale. Additionally, the integration simplifies deployment, managing, and scaling of your firewalling. This reduces operational complexity, providing a single entry and exit point for traffic at the firewall. With the gateway load balancer, your applications and infrastructure maintain visibility of source IP address, which is critical in some environments.
  • ISE Integration: Integration between Cisco Identity Services Engine (ISE) and Mobile Device Management (MDM) platforms provides necessary insight into the posture of mobile devices so that companies can enforce appropriate network access policies as required by their IT organizations.
  • Secure Endpoint: Microsoft Intune endpoint management platform integrates with Secure Endpoint for iOS.
  • Cisco XDR: When you configure the Microsoft Intune integration, data about your devices will be available in XDR assets and enriched endpoint data will become available when you investigate incidents. A target will also become available in XDR automation for automated workflows.
  • Cisco XDR Investigate: The Microsoft Graph Security module queries for Sightings of observables (IP, domain, hash, file name, and file path) within Graph Security Alerts. Cisco XDR can access large volumes of Microsoft centric data as well as data from 3rd parties in a standardized format.
  • Cisco XDR Assets: The Microsoft Intune integration with XDR enables Microsoft as a data source, where device insights will periodically retrieve data about endpoints. Data includes What types of devices are connected, what users have been accessing those devices, where are those devices located, which security agents are installed and is the security software is up to date.