You can control mobile device access to corporate resources using Conditional Access based on a risk assessment that's conducted by Trellix Mobile Security. Trellix Mobile Security is a Mobile Threat Defense (MTD) solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running the Trellix Mobile Security app.
You can configure Conditional Access policies that are based on Trellix Mobile Security risk assessment. These policies are enabled through Intune device compliance policies for enrolled devices, which you can use to allow or block noncompliant devices to access corporate resources based on detected threats. For unenrolled devices, you can use app protection policies to enforce a block or selective wipe based on detected threats.
Supported platforms
Android 6.0 and later
iOS 11.0 and later
Prerequisites
Microsoft Entra ID P1 or P2
Microsoft Intune Plan 1 subscription
Trellix Mobile Security subscription
For more information, see the documentation for Trellix Mobile Security.
How do Intune and Trellix Mobile Security help protect your company resources?
The Trellix Mobile Security app for Android and iOS/iPadOS captures file system, network stack, device, and application telemetry where available. Trellis then sends the telemetry data to the Trellix Mobile Security cloud service to assess the device's risk for mobile threats.
Support for enrolled devices - Intune device compliance policy includes a rule for Mobile Threat Defense (MTD), which can use risk assessment information from Trellix Mobile Security. When the MTD rule is enabled, Intune evaluates device compliance with the policy that you enabled. If the device is found noncompliant, users are blocked access to corporate resources like Exchange Online and SharePoint Online. Users also receive guidance from the Trellix Mobile Security app installed in their devices to resolve the issue and regain access to corporate resources. To support using Trellix Mobile Security with enrolled devices:
Support for unenrolled devices - Intune can use the risk assessment data from the Trellix Mobile Security app on unenrolled devices when you use Intune app protection policies. Admins can use this combination to help protect corporate data within a Microsoft Intune protected app, Admins can also issue a block or selective wipe for corporate data on those unenrolled devices. To support using Trellix Mobile Security with unenrolled devices:
This module explores the Microsoft Intune Suite, highlighting its advanced device management and security capabilities, components, usage, and integration with the broader Microsoft security ecosystem.
Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.
How to set up the Trellix Mobile Security mobile threat defense (MTD) solution with Microsoft Intune to control mobile device access to your corporate resources
