Bring-your-own-device (BYOD) has been a persistent gap in security strategies, and it is getting harder to ignore. With more employees using personal laptops and phones for work, MSPs are being pulled into a problem they don’t fully control. Aura’s entry into the MSP market with its new business security offering, Aura Business for Managed Service Providers, is a direct response to that pressure.The timing lines up with what MSPs are already seeing. Research shows that 65% of MSPs are getting client requests for BYOD security, while more than half have dealt with a related security incident in the past two years. Yet only a small portion actively monitors employee-owned devices. That mismatch highlights a structural issue. Traditional tools are designed for managed devices, but much of today’s risk sits outside that boundary.
“Aura Business for MSPs secures access at the identity and access layer, ensuring that only trusted users on ‘healthy’ devices can access business systems.Through a conditional access integration with Microsoft Entra ID, the tenant can enforce security policies, ensuring minimum device hygiene, such as OS version requirements, having a strong passcode enabled, or device security protocols. If a device doesn’t meet baseline requirements, access can be restricted.The broader value proposition, however, is the identity-centric protection that Aura provides, beyond baseline policy compliance checks. Most of today’s attacks are identity driven through identity-based threat vectors: phishing, credential theft or misuse, and social engineering. The real problem is the human element. Aura Business for MSPs is designed to account for that reality. It helps reduce risk earlier in the chain by protecting the individual behind the device—detecting scams across email, SMS, and calls, monitoring for compromised credentials, and guiding users toward safer behavior. Traditional device management solutions, like MDM, were designed to protect the device, but– by default– mitigating human risk falls to education campaigns or trainings, leaving a gaping hole in protection.Aura Business for MSPs helps close that critical gap in how access is secured - connecting identity, behavior, and device trust in a way that existing approaches don’t. It’s about shifting from reactive device control to proactive risk reduction.” This model reflects how attacks are actually happening. Credential theft, phishing, and social engineering continue to drive a large share of breaches, often originating outside corporate environments.
Shifting Security to the Identity Layer
Aura’s approach focuses on identity rather than the device itself. The idea is to secure access to business systems based on who the user is and whether their device meets baseline security conditions.Jason Coville, Chief Channel Officer, Aura Business, explained to ChannelE2E:“Aura Business for MSPs secures access at the identity and access layer, ensuring that only trusted users on ‘healthy’ devices can access business systems.Through a conditional access integration with Microsoft Entra ID, the tenant can enforce security policies, ensuring minimum device hygiene, such as OS version requirements, having a strong passcode enabled, or device security protocols. If a device doesn’t meet baseline requirements, access can be restricted.The broader value proposition, however, is the identity-centric protection that Aura provides, beyond baseline policy compliance checks. Most of today’s attacks are identity driven through identity-based threat vectors: phishing, credential theft or misuse, and social engineering. The real problem is the human element. Aura Business for MSPs is designed to account for that reality. It helps reduce risk earlier in the chain by protecting the individual behind the device—detecting scams across email, SMS, and calls, monitoring for compromised credentials, and guiding users toward safer behavior. Traditional device management solutions, like MDM, were designed to protect the device, but– by default– mitigating human risk falls to education campaigns or trainings, leaving a gaping hole in protection.Aura Business for MSPs helps close that critical gap in how access is secured - connecting identity, behavior, and device trust in a way that existing approaches don’t. It’s about shifting from reactive device control to proactive risk reduction.” This model reflects how attacks are actually happening. Credential theft, phishing, and social engineering continue to drive a large share of breaches, often originating outside corporate environments.




