Slack Microsoft Intune MDM disabled
Description
AlphaSOC detected that the Microsoft Intune mobile device management (MDM) for Slack was disabled. This security control ensures proper management and security of mobile devices accessing Slack workspace data. Disabling MDM removes crucial security controls and device compliance requirements.
Impact
Removing MDM controls allows unmanaged devices to access Slack workspaces without security enforcement. This creates opportunities for data exfiltration, unauthorized access, and potential compromise of sensitive communications. Adversaries can exploit this gap to access corporate data from non-compliant devices.
Severity
| Severity | Condition |
|---|---|
Low | Slack Microsoft Intune MDM disabled |
Investigation and Remediation
Review Slack and Intune audit logs to identify who disabled MDM and when. Check for any unauthorized changes to Slack security settings. Re-enable MDM immediately and require all devices to re-enroll. Audit device access during the period MDM was disabled. Update security policies to prevent unauthorized MDM changes.