Introducing more ways to protect corporate applications with BeyondCorp Enterprise
Product Manager, Google Cloud Security
As part of our efforts to democratize Zero Trust, Google Cloud has designed our BeyondCorp Enterprise solution to be an extensible platform where customers can choose to integrate signals from other technology vendors and incorporate these into their Zero Trust access policies. Following our integrations announcements earlier this year, we are excited to announce a new BeyondCorp Enterprise integration with Microsoft Intune, now available in Preview.
This integration allows organizations to craft Zero Trust access policies and protect private applications and SaaS applications, including Office 365, based on data collected from Intune through the Microsoft Graph API, including device posture and other trust signals. It can also be used to configure context-aware access policies for Workspace applications.
These policies can be applied across end-user devices, no matter where they are located. The ability to leverage device information to make access decisions is a critical component of a Zero Trust approach. Intune is a widely used mobile device management (MDM) tool and many of our customers will be able to benefit from this integration to help ensure that their distributed workforce can appropriately access corporate resources.
The BeyondCorp Enterprise integration with Microsoft Intune collects data from Intune using the Microsoft Graph API. End-user device information collected by the connector is then fed into Access Context Manager, a component of BeyondCorp Enterprise, to gate access to resources based on policies and access levels.
Figure 1: Workflow for BeyondCorp Enterprise integration with Microsoft Intune.
Customers are already seeing the benefits of the BeyondCorp Enterprise integration with Microsoft Intune. For example, one of our customers, a global ecommerce vendor, uses it to ensure their corporate-owned devices comply with internal policies before they are able to connect to corporate resources. With the Intune integration, they can quickly and easily configure context-aware access policies with an attribute requiring company-owned devices to be in compliance before they can access specific applications.
Previously, without the integration, they would need to set up a custom integration and manage both the code and the infrastructure where it was running. This integration not only alleviates the need to create custom code, but the customer has also seen a reduction in the time it takes to onboard new devices and build these policies.
If you’re interested in learning more or joining the preview, a full reference guide to the Intune integration can be found in our documentation here.
We believe that customers should be able to leverage their existing technology investments to build a more secure ecosystem. BeyondCorp Enterprise can help ensure that the right people have access to the right resources—only authorized users should be able to access only the resources that they have been approved for, based on their identity and device information. Google Workspace customers can also incorporate signal information from other vendors, including Intune, to create context-aware access policies for securing Workspace applications.
Earlier this year, we announced Netskope as a new member of the BeyondCorp Alliance to enable integration of a user’s risk score between Netskope Cloud Exchange and Google Cloud. We also announced new integrations with Jamf Pro for macOS, which shares the Jamf-determined compliance state with BeyondCorp Enterprise so admins can incorporate this information into context-aware policies to restrict or allow access to protected applications.
You can learn more about BeyondCorp Enterprise integrations by registering for Google Cloud Next ’22 on October 11-13, and attending the “What’s New in Zero Trust” session. Google Cloud will also be featured at the upcoming Jamf Nation User Conference (JNUC), September 27-29, to discuss BeyondCorp Enterprise integrations with Jamf.