Smart cards are not an efficient way to authenticate on mobile devices. With enterprises moving towards more mobility, high security for users when accessing mobile hardware is important.

The National Institute of Standards and Technology (NIST) developed guidelines for Personal Identity Verification (PIV) credentials within Special Publication (SP) 800-157. Essentially, this is a document that offers technical standards on how customers with physical smart cards can gain certification on mobile devices, including S/MIME signing and encryption.

Microsoft says Intune support of derived credentials is compliant with the requirements of SP 800-157. To ensure this support, the company partnered with Intercede, DISA Purebred, and Entrust Datacard.

Naturally, there is no way for physical smart cards to interact natively with a smartphone. To solve this and bring authentication to devices, Microsoft says a smart card reader can be used.

“A digital certificate is then issued to the mobile device. In order to make the user experience smooth for end users, the derived credential enrollment flow is built into the Intune Company Portal app, which is the app used to enroll the device with Intune. As we will see in the next section, users will be prompted shortly after enrollment to retrieve their derived credential and will be guided through the process.”
Expansion
Redmond says iOS users can leverage this support immediately. The company will bring derived credentials to Android Enterprise and Windows 10 in the future.

Last month, Microsoft launched Intune on Android Enterprise for the first time. Android Enterprise fully managed is a management scenario that gives tools to enterprise users while giving IT admins the ability to manage capabilities. Since the introduction of Intune in preview on Android Enterprise, Microsoft has observed “extensive adoption”. Indeed, the company says Intune has enjoyed the most successful preview period on Android management so far.