December 06, 2016 – Microsoft is putting a lot of hard work into securing mobile devices in the enterprise. Recently, they have been promoting their “Enterprise Mobility Suite” (EMS). EMS has many powerful security features. The core product of EMS, though, is based on Microsoft’s Mobile Device Management (MDM) product named InTune. InTune is a cloud solution. It also has a hybrid mode where InTune can be managed and controlled by Microsoft System Center Configuration Manager (SCCM).
SCCM is Microsoft’s “enterprise management framework” workhorse. It is how enterprises keep their systems running and secure. When SCCM is connected to InTune, you can see your mobile devices in the SCCM console. You can even see the mobile device hardware resources just like you can with a workstation or server. The two screen shots below are from the SCCM console.
Microsoft has written numerous SCCM mobile device reports which give you just about every piece of information about the mobile device that you will want to know …
except for …
when a mobile device is connected to a workstation or server over a USB connection!
This missing information is very valuable because a USB connection is the easiest way for users to copy files out of your domain. The computer industry calls this “Data Loss” and there are many products out there that focus on “Data Loss Prevention” (DLP).
Squadra Technologies’ Security Removable Media Manager (secRMM) is one of those DLP products. What makes secRMM unique is that it is 100% integrated into SCCM. This means you do not have to deploy another framework just to get DLP for USB plug-and-play devices. It integrates precisely into Microsoft’s Endpoint Protection strategy and also with EMS.
secRMM has a new SCCM report called “Mobile Device USB File Write Activity”. This secRMM report works in conjunction with the InTune/SCCM data so you can also see how/where your users are connecting their mobile devices within your domain.
The flow chart below shows you all the components wired together. Notice that in addition to mobile device monitoring, secRMM works with any type of plug-and-play storage device (e.g. flash drives, CD/DVD, SD-Cards, external hard drives).
Also, on the mobile device security side, secRMM comes with an optional mobile app that requires the end-user to first authenticate before the device is allowed to mount to the Windows workstation or server.
Below is a screen shot of the SCCM “Mobile Device USB File Write Activity” report. When you click the plus sign next to the device, it expands to show you all the USB-related activity (see the second screen shot).
When you see files written to the mobile device, you can even see the complete path of the source file (i.e. the file that was copied)!
A YouTube video on this information is at:
https://www.youtube.com/watch?v=w0-gjMNqcso
We hope you found this information useful. Thank you for reading and Merry Christmas!!!