Samsung and Microsoft Unveil First On-Device Attestation Solution for Enterprise

Strategic partnership leads to improved enterprise mobile device security for the modern workplace

Samsung Electronics Co., Ltd. today announced the first step in a plan to reimagine mobile device security for business customers in partnership with Microsoft. This collaboration has led to the industry’s first on-device, mobile hardware-backed device attestation solution that works equally well on both company and personally owned devices.

Device attestation can help ensure a device’s identity and health, verifying that it has not been compromised. On-device, mobile hardware-backed device attestation — available on Samsung Galaxy[1] devices and combined with protection from Microsoft Intune — now adds enhanced security and flexibility. For enterprises, this is an extra layer of protection against compromised devices falsely claiming to be known and healthy, gaining access to sensitive corporate data. Additionally, organizations can now enable employees to bring their own device (BYOD) to work with the confidence that they are protected with the same level of security as company owned devices. For employees, this means added flexibility for their personal Galaxy devices to safely access their work environment.

In a rapidly evolving landscape with changing work habits and increasingly sophisticated cyber threats, Zero Trust is a security model based on three principles: always assume breach, verify explicitly, and provide least privilege access. Implementation of Zero Trust has become mandated by regulated industries and public sector customers, such as the United States government.[2] This requires a new approach for enforcing security end-to-end, from apps to the network and the device itself, regardless of device ownership and enrollment.

Together, Samsung and Microsoft are uniquely positioned to enable this. Samsung is the industry leader for global smartphones. The Samsung Knox security platform is 10 years old. In that time, Samsung Knox has been activated on more than a billion Samsung Galaxy devices. That’s more than 30,000 businesses in 110 markets relying on Samsung Knox to protect their devices from cyberattacks. Microsoft is the industry leader in unified endpoint management software market share,[3] and delivers end-to-end cross-cloud, cross-platform security solutions, which integrate different categories across security, compliance, identity, device management, and privacy, informed by more than 65 trillion threat signals each day.[4]  With this partnership, the first mobile hardware-backed device attestation bridges the consumer and the world of work, allowing people to safely bring their personal devices to work.

“Samsung is committed to meaningful innovations that are as secure as they are versatile and optimized,” said KC Choi, EVP and Head of Global Mobile B2B Team, MX Business at Samsung Electronics. “As work habits evolve and people are working from virtually anywhere on any device, we are paving the way for the future of enterprise device security and democratizing the means for businesses to better protect their information.”

Flexibility for Enterprises and End Users

For enterprise IT managers, mobile hardware-backed device attestation with Intune provides strong protection for corporate needs without impacting the user experience. With this integration, even highly regulated organizations can adopt a BYOD policy with this additional layer of protection on the Samsung devices widely used by consumers and professionals for work. This increases worker productivity, provides better experiences for users, and simplifies administration.

This joint Samsung-Microsoft solution works on both managed and unmanaged devices regardless of ownership.[5] Traditional device attestation mainly works on managed devices as it is server-based and requires network connectivity, meaning the entire device has to be enrolled into the corporate system.

With mobile hardware-backed attestation, enterprises can verify a device’s integrity and allow access to the corporate system whether it is managed or unmanaged. The user experience is also streamlined to enable employees to bring their personal devices to work and safely access the corporate system without extra security steps.

“Samsung’s industry-leading hardware and software solutions, coupled with the power of the Microsoft Cloud and Intune, uniquely position us to empower defenders with end-to-end capabilities to help stop sophisticated bad actors and improve Zero Trust security posture,” said Michael Wallent, CVP Microsoft Security – Management. “With this partnership, we are committed to continuous innovation that will ensure the most security-minded organizations have the best possible mobile device protection.”

For further details, please refer to https://aka.ms/KnoxIntuneAttestation.

[1] Supported on select Samsung Galaxy smartphones and tablets, including “Security by Knox” devices with Android OS 10 or later. To be eligible, devices must have run Android OS 9 or later at time of launch.

[2] “Improving the Nation’s Cybersecurity,” Executive Order No. 14028, 86 Fed. Reg. 26633 (May 17, 2021) https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ and Young, Shalanda D. “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles,” White House, Memo No. M-22-09, January 26, 2022 https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf

[3] Source:  Worldwide Unified Endpoint Management Software Market Shares, 2022: A Tactical Management Tool Evolves into Strategic Data Platform – Printer-friendly – US50467223 (idc.com)

[4] Source: Microsoft earnings release FY22 Q2. https://www.microsoft.com/en-us/investor/earnings/FY-2022-Q2/press-release-webcast

[5] Mobile hardware-backed device attestation, enabled by Samsung Knox hardware and Microsoft Intune app policies, is compatible with both Mobile Device Management (MDM) and Mobile Application Management (MAM) systems, for use on company-owned devices as well as personally-owned devices.