The Modern Workforce – What Can I Do About Security Risks?

Implementations of powerful productivity tools like Microsoft Office 365 (O365) continue to grow, yet the growth of the anytime-anywhere collaboration ethos, coupled with the continued proliferation of powerful yet affordable mobile devices, means many organisations need to consider how they securely manage access and protect themselves from security threats.

As we’re all aware, with O365 end users have multiple ways to access their data – from the browser, native mobile applications and desktop apps. Because of this, each access mechanism has a different authentication flow that must be managed by IT. If you’re opening up access to business apps from the internet, how do you keep that data within the apps and on corporate repositories secure and off limits to unauthorised users and non-compliant devices? How do you protect data if a device is lost or stolen? How do you make it possible for users to sign in automatically, and securely, using their corporate identity?

Due to this complexity and the associated security risks outlined above, one of the most common questions asked by our customers is for a solution that enables secure access, while providing customised security policies based on the type of access device – and if the security and management of that access can be simplified then even better!

Simplification means better use of time

Each device in your organisation’s infrastructure brings a digital workspace that needs security and management. With Windows 10, macOS, Android and iOS devices, this can require a hefty amount of an IT admin’s attention. A streamlined enterprise management platform with robust options can help your admins understand complex processes easily and finish tasks quickly.

By spending less time on device management tasks, as well as having a better experience, your IT admins can have more time to devote to other key initiatives in your organisation. In addition, the sooner an admin finishes necessary management tasks, the sooner the device and digital workspace is ready for use.

The solution

You may have various solutions that address some of the issues mentioned above, yet with VMware Workspace ONE you have the answer to them all with one solution and one single vendor approach.

With VMware Workspace ONE, Phoenix is able to offer a solution – including software, implementation and support – that provides Office 365 customers with the following benefits:

One-touch single sign-on (SSO) from mobile devices
Industry leading, seamless, single sign-on (SSO) to public mobile apps using the Secure App Token System (SATS) establishes trust between the user, device, application, and the enterprise. Multi-factor authentication (MFA) is also available.

Block access from unmanaged devices and non-compliant managed devices
Enforce access decisions based on a range of conditions from strength of authentication, network, location and device compliance. Advanced data leakage protection also restricts access from rooted or jailbroken devices.

O365 Application Access Control
Automatically deploy O365 applications if an authenticated user has logged into a managed device. In addition, powerful policies enable IT to restrict specific O365 services based on users or groups.

Secure Content Collaboration
Protect your sensitive content in OneDrive in a corporate container and provide users with a central application to securely access, store, update and distribute the latest documents from mobile devices.

Consumer Simple, Enterprise Grade Email Client
With Workspace ONE end-users get an intuitive experience with a host of advanced mail, calendar and contacts features inside of one containerised app and IT admins get the ability to configure and manage security policies at a granular level.


In brief, when O365 receives a request for authentication, it will send that request to Identity Manager (part of Workspace ONE). Identity Manager will then enforce different single sign-on (SSO) authentication policies based on the type of device and the compliance state of the device. Once authentication is successful, the SAML assertion will be sent back to O365.

What is the end-user experience?

Workspace ONE uses a secure application token to silently authenticate the user behind the scenes. A secure cryptographic app token in the form of certificate is provisioned onto the device that allows Workspace ONE with Identity Manager to verify who the user is and if the device is trusted or not. For example, an end user launching OneDrive from their mobile device will be redirected so that Workspace ONE can authenticate the user. This happens seamlessly for the end user without any requests for additional passwords.

Phoenix Professional Services

For customers already using O365 or who are looking to adopt it, Phoenix accredited consultants, utilising Workspace ONE, are able to secure access from mobile devices, while providing customised security policies based on the type of access device. This ensures that end users get consumer simplicity, with an experience that is seamless and easy to use while IT can ensure that only compliant users and devices access corporate resources such as O365.


Workspace ONE integrates access control, application management and multi-platform endpoint management, allowing you to simply and securely deliver and manage any app on any device.

To learn more about VMware Workspace ONE and how it can help your organisation, talk to a member of the Phoenix Software Team today on 01904 562200, email [email protected] or complete the form below:

Although every attempt has been made to ensure the accuracy of the above article, Phoenix Software Ltd cannot be held responsible for any opinions or information provided therein and as such is not liable for any damages caused by a customer’s reliance upon this information.