SCCM ties together MDM and DLP

December 06, 2016

Microsoft is putting a lot of hard work into securing mobile devices in the enterprise. Recently, they have been promoting their “Enterprise Mobility Suite” (EMS). EMS has many powerful security features. The core product of EMS, though, is based on Microsoft’s Mobile Device Management (MDM) product named InTune. InTune is a cloud solution. It also has a hybrid mode where InTune can be managed and controlled by Microsoft System Center Configuration Manager (SCCM).

SCCM is Microsoft’s “enterprise management framework” workhorse. It is how enterprises keep their systems running and secure. When SCCM is connected to InTune, you can see your mobile devices in the SCCM console. You can even see the mobile device hardware resources just like you can with a workstation or server. The two screen shots below are from the SCCM console.

[Screenshot: mobile device collection]

[Screenshot: mobile devices by OS]

Microsoft has written numerous SCCM mobile device reports which give you just about every piece of information about the mobile device that you will want to know …

except for …

when a mobile device is connected to a workstation or server over a USB connection!

This missing information is very valuable because a USB connection is the easiest way for users to copy files out of your domain. The computer industry calls this “Data Loss” and there are many products out there that focus on “Data Loss Prevention” (DLP).

Squadra Technologies Security Removable Media Manager (secRMM) is one of those DLP products. What makes secRMM unique is that it is 100% integrated into SCCM. This means you do not have to deploy another framework just to get DLP for USB plug-and-play devices. It integrates precisely into Microsoft’s Endpoint Protection strategy and also with EMS.

secRMM has a new SCCM report called “Mobile Device USB File Write Activity”. This secRMM report works in conjunction with the InTune/SCCM data so you can also see how/where your users are connecting their mobile devices within your domain.

The flow chart below shows you all the components wired together. Notice that in addition to mobile device monitoring, secRMM works with any type of plug-and-play storage device (e.g. flash drives, CD/DVD, SD-Cards, external hard drives).

[Diagram: InTune, SCCM and secRMM components]

Also, on the mobile device security side, secRMM comes with an optional mobile app that requires the end-user to first authenticate before the device is allowed to mount to the Windows workstation or server.

Below is a screen shot of the SCCM “Mobile Device USB File Write Activity” report. When you click the plus sign next to the device, it expands to show you all the USB related activity (see the second screen shot).

[Screenshot: mobile device report 1]

[Screenshot: mobile device report 2]

When you see files written to the mobile device, you can even see the complete path of the source file (i.e. the file that was copied)!

[Screenshot: mobile device report 3]

A YouTube video on this information is at:
https://www.youtube.com/watch?v=w0-gjMNqcso

We hope you found this information useful. Thank you for reading and Merry Christmas!!!
