Subscribe to receive notifications of new posts:

Cloudflare integrates with Microsoft Intune to give CISOs secure control across devices, applications, and corporate networks

2022-06-23

3 min read
This post is also available in 繁體中文.
Cloudflare integrates with Microsoft Intune to give CISOs secure control across devices, applications, and corporate networks

Today, we are very excited to announce our new integration with Microsoft Endpoint Manager (Intune). This integration combines the power of Cloudflare’s expansive network and Zero Trust suite, with Endpoint Manager. Via our existing Intune integration, joint customers can check if a device management profile such as Intune is running on the device or not and grant access accordingly.

With this expanded integration, joint customers can identify, investigate, and remediate threats faster. The integration also includes the latest information from Microsoft Graph API which provides many added, real-time device posture assessments and enables organizations to verify users' device posture before granting access to internal or external applications.

"In today’s work-from-anywhere business culture, the risk of compromise has substantially increased as employees and their devices are continuously surrounded by a hostile threat environment outside the traditional castle-and-moat model. By expanding our integration with Cloudflare, we are making it easier for joint customers to strengthen their Zero Trust security posture across all endpoints and their entire corporate network."– Dave Randall, Sr Program Manager, Microsoft Endpoint Manager

Before we get deep into how the integration works, let’s first recap Cloudflare’s Zero Trust Services.

Cloudflare Access and Gateway

Cloudflare Access determines if a user should be allowed access to an application or not. It uses our global network to check every request or connection for identity, device posture, location, multifactor method, and many more attributes to do so. Access also logs every request and connection — providing administrators with high-visibility. The upshot of all of this: it enables customers to deprecate their legacy VPNs.

Cloudflare Gateway protects users as they connect to the rest of the Internet. Instead of backhauling traffic to a centralized location, users connect to a nearby Cloudflare data center where we apply one or more layers of security, filtering, and logging, before accelerating their traffic to its final destination.

Zero Trust integration with Microsoft Endpoint Manager

Cloudflare’s customers can now build Access and Gateway policies based on the device being managed by Endpoint Manager (Intune) with a compliance policy defined. In conjunction with our Zero Trust client, we are able to leverage the enhanced telemetry that Endpoint Manager (Intune) provides surrounding a user’s device.

Microsoft’s Graph API delivers continuous real-time security posture assessments such as Compliance State across all endpoints in an organization regardless of the location, network or user. Those key additional device posture data enable enforcement of conditional policies based on device health and compliance checks to mitigate risks. These policies are evaluated each time a connection request is made, making the conditional access adaptive to the evolving condition of the device.

With this integration, organizations can build on top of their existing Cloudflare Access and Gateway policies ensuring that a ‘Compliance State’ has been met before a user is granted access. Because these policies work across our entire Zero Trust platform, organizations can use these to build powerful rules invoking Browser Isolation, tenant control, antivirus or any part of their Cloudflare deployment.

How the integration works

Customers using our Zero Trust suite can add Microsoft Intune as a device posture provider in the Cloudflare Zero Trust dashboard under Settings → Devices → Device Posture Providers. The details required from the Microsoft Endpoint Manager admin center to set up policies on Cloudflare dashboard include: ClientID, Client Secret, and Customer ID.

Screenshot showing the fields necessary to establish a connection from the Cloudflare Service to the Microsoft Graph API

After creating the Microsoft Endpoint Manager Posture Provider, customers can create specific device posture checks requiring users’ devices to meet certain criteria such as device ‘Compliance State’.

Screenshot showing the compliance state fields accessible from Microsoft by this posture integration. They are: Compliant, Noncompliant, Unknown, Not applicable, In grace period and Error

These rules can now be used to create conditional Access and Gateway policies to allow or deny access to applications, networks, or sites. Administrators can choose to block or isolate users or user groups with malicious or insecure devices.

Screenshot showing the Gateway rule builder. The first rule shown is device posture check for Endpoint Manager device compliance. The second rule shown is that this applies to Applications in the Collaboration and Online Meeting category

What comes next?

In the coming months, we will be further strengthening our integrations with the Microsoft Graph API by allowing customers to correlate many other fields in the Graph API to enhance our joint customers’ security policies.

If you’re using Cloudflare Zero Trust products today and are interested in using this integration with Microsoft Intune, please visit our documentation to learn about how you can enable it. If you want to learn more or have additional questions, please fill out the form or get in touch with your Cloudflare CSM or AE, and we'll be happy to help you.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.
Cloudflare One WeekPartnersMicrosoft

Follow on X

Abhi Das|@abhidasone
Kyle Krum|@KyleKrum
Cloudflare|@cloudflare

Related posts

September 24, 2024 1:00 PM

Cloudflare partners with Internet Service Providers and network equipment providers to deliver a safer browsing experience to millions of homes

Cloudflare is extending the use of our public DNS resolver through partnering with ISPs and network providers to deliver a safer browsing experience directly to families. Join us in protecting every Internet user from unsafe content with the click of a button, powered by 1.1.1.1 for Families....