"We found that MobileIron Access was the best solution to meet all of our needs in the shortest implementation time. "Wissam Jammal , IT Engineer, ACOSS
The Agence Centrale des Organismes de Sécurité Sociale (ACOSS) is a public services agency based in Montreuil, Île-de-France. ACOSS is part of URSSAF, a network of private organizations whose main task is to collect social security contributions from employees and employers who finance the French social security system. Since its creation in 1967, ACOSS has seen its missions constantly evolve, notably by extending its collection role to all social protection funds including unemployment insurance. Through its network, ACOSS collects the contributions that support the four areas covered by social security: sickness, family, aging, and work-related accidents and illnesses.
ACOSS supports the URSSAF network by defining guidelines for the collection and control of funds. The agency also allocates budgetary resources and ensures the implementation of IT policies across the network. ACOSS makes all of the contributions collected available to the service providers according to their needs, such as reimbursement of medical care or maternity leave, retirement pensions, and family allowances.
ACOSS and the URSSAF network have offices throughout France, including overseas regions such as Réunion, Martinique, Mayotte, and French Polynesia, which are located outside of mainland France. To help improve productivity and service delivery across this global infrastructure, the organization needed to modernize its mobile environment and foster more technology innovation. To support these business objectives, ACOSS wanted to expand the use of Android mobile devices and provide access to modern applications like Microsoft Office 365 — all secured by MobileIron.
MobileIron Access helps ACOSS deliver modern mobile security for Office 365
ACOSS has relied on MobileIron since 2013, when the company first needed a mobile device management (MDM) solution to secure Lotus Notes messaging. Most recently, the organization decided to deploy Office 365 across the entire workforce and needed a solution to securely administer the productivity suite to ensure only trusted users on trusted devices can access company data. After conducting a comparative study with a proof-of-concept (POC) trial for both Microsoft Intune and MobileIron Access, the central agency found that MobileIron was best suited to meet the agency’s changing requirements and needs. With the help of MobileIron and technology partner Orange, ACOSS quickly deployed Access across its fleet of mobile smartphone devices.
“Due to our complex infrastructure, we needed a solution that could help us secure our Office 365 deployment and also meet our other requirements,” said Wissam Jammal, Workspace Manager at ACOSS. “We found that MobileIron Access was the best solution to meet all of our needs in the shortest implementation time. Not only can we block anyone on any unmanaged device from accessing Office 365, we also benefit from having a solution that allows us to easily manage and deploy smartphones on site. We can also leverage native app containerization through MobileIron and Android Enterprise. And, because MobileIron is completely device- and application-agnostic, we can confidently support more devices such as Android 10,” he said.
Conditional access simplifies security
MobileIron Access helps ACOSS simplify Office 365 security by providing a single point of access from any device. Prior to MobileIron Access, employees could only use Office 365 applications from their office desktop, which greatly limited productivity for employees working offsite. Now employees can simply authenticate to Office 365 using multi-factor authentication (MFA) or single sign-on (SSO) on any device.
Today, ACOSS manages 3,000 Android devices, which are all configured through zero-touch enrollment enabled by Android Enterprise. Zero-touch enrollment allows mobile workers to start using their devices right away, without any tedious setup required. In addition to zero-touch enrollment, ACOSS uses Android Enterprise to deploy and containerize a variety of in-house apps on Android devices.
“By providing secure work apps on company devices, employees can perform critical tasks no matter where they are working. For example, we are now are able to help employees collaborate more easily across our network of 120 offices. Our IT organization ensures that our cloud apps are secure, which would have been much more difficult without MobileIron,” said Jammal. “Now we are confident that only the right people can access agency resources, such as our Office 365 data and files.”
Looking ahead: Enabling passwordless access to Office 365
In the near future, ACOSS is looking forward to moving from just MFA and SSO access to supporting zero sign-on (ZSO) authentication through MobileIron Access. ZSO enables organizations to eliminate passwords and provide a more secure and frictionless authentication experience from any device without the hassle of remembering and typing in passwords. By eliminating passwords, ZSO also helps prevent enterprise data breaches caused by stolen or compromised credentials. ACOSS plans to expand the use of Access and ZSO to Office 365 so employees can access cloud apps and data from any corporate-owned or employee-owned iOS, macOS, or Windows device.
“We are really pleased with our decision to use MobileIron Access to provide conditional access to our Office 365 apps,” said Jammal. “Access has been a valuable tool in helping us improve productivity with fewer security concerns. We’re looking forward to teaming with MobileIron on future mobile initiatives.”