Managing Microsoft Office 365 with the Graph APIs & VMware Workspace ONE

Many organizations are using Office 365 apps but couldn't control and secure them using their existing EMM/UEM solution, now after Microsoft extended their Graph API to include also Intune app protection, everything is changed.

Last week, Microsoft announced general availability of their Intune app protection Graph APIs. These Intune APIs are part of a larger set of APIs called the Microsoft Graph, which is intended to help partners integrate better with Microsoft products. Here at VMware, we’ve adopted those Office 365 APIs most useful for helping you accomplish your goal: securing and integrating Office 365 into your digital workspace.

Workspace ONE uses the newly released Intune app protection Graph APIs to complement your data loss protection (DLP) strategy if you use Office 365 apps, such as Microsoft OneDrive or Microsoft Outlook. Although Workspace ONE supports multiple Intune app protection APIs, the most useful APIs for IT organizations are the following:

  • Control save location from Office 365 apps. This setting allows you to control whether users can save directly to their device, or whether they have to save to Microsoft OneDrive or another repository.

  • Control cut/copy/paste from Office 365 apps. This setting allows you to control whether users can cut, copy, or paste text out of Office 365 apps. Of course, in a time when many devices have cameras and most can take screen captures, we recommend this setting is combined with a broader Workspace ONE DLP strategy to be successful.

  • Enforce app-level PIN in Office 365 apps. This setting allows you to require app-level PINs before users can open Office apps. Because PINs can be less secure, add another barrier employees must overcome and aren’t context-aware, this setting can be supplemented with passwordless authentication and conditional access enabled by Workspace ONE.

Workspace ONE also uses Microsoft’s Graph APIs for real-time risk management for Office data, revoking access to Office 365 if a device becomes risky.

Read the full post on VMware's blog here:

And contact us for more information on how to implement it in your organization:

52 views0 comments