Microsoft and Samsung are making your work phone even safer

Microsoft and Samsung have announced a new joint project to help employees who use the latter's Galaxy devices be safer in the workplace.

This project, which the two companies described as a “groundbreaking solution”, involves on-device attestation, a mobile hardware-backed solution to verify device trust and health.

It allows companies to see if the mobile devices their employees are using have been compromised, “even at their deepest components”. 

Samsung Galaxy boost

Samsung is bringing its software and hardware innovations to the table, while Microsoft will be providing its endpoint management expertise.

The solution is being released in August 2023 alongside the release of Microsoft Intune, and will be available to select Samsung Galaxy smartphones and tablets (for example, those with Android 10 OS or later, as well as those “Secured by Knox”).

Microsoft Intune (previously known as Windows Intune) is the company’s cloud-based unified endpoint management service for both corporate and BYOD devices. It extends some of the on-prem functionalities of Microsoft Endpoint Configuration Manager to the Microsoft Azure cloud. Secured by Knox is Samsung's defense-grade mobile security platform.

In a blog post announcing the news, Microsoft says modern device attestation tools require a network connection and access to cloud services, meaning the device may fail validation if there’s no internet, or if there’s a service outage.

Furthermore, remote validation could result in high latency between detecting a threat and notifying the device’s owners/users that they’ve been compromised with malware.

“Complete protection from threats, however, requires that devices be attested immediately and reliably regardless of network connectivity or device ownership model,” the company concluded.

“Samsung's hardware-backed cryptography and Intune app protection policies verify the client endpoint (application + device) and secure the communication between Intune client and service. Altogether, this helps to prevent malicious endpoints from accessing organization resources using valid client information taken from another device and limiting tampering with client requests.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.