MSP, BYOD, Phishing, Endpoint/Device Security, Malware, SSO/MFA

Aura Targets BYOD Risk with Identity-Centric Security for MSPs

Credit: Adobe Stock Images

Bring-your-own-device (BYOD) has been a persistent gap in security strategies, and it is getting harder to ignore. With more employees using personal laptops and phones for work, MSPs are being pulled into a problem they don’t fully control. Aura’s entry into the MSP market with its new business security offering, Aura Business for Managed Service Providers, is a direct response to that pressure.

The timing lines up with what MSPs are already seeing. Research shows that 65% of MSPs are getting client requests for BYOD security, while more than half have dealt with a related security incident in the past two years. Yet only a small portion actively monitors employee-owned devices. That mismatch highlights a structural issue. Traditional tools are designed for managed devices, but much of today’s risk sits outside that boundary.

Shifting Security to the Identity Layer

Aura’s approach focuses on identity rather than the device itself. The idea is to secure access to business systems based on who the user is and whether their device meets baseline security conditions.

Jason Coville, Chief Channel Officer, Aura Business, explained to ChannelE2E:
“Aura Business for MSPs secures access at the identity and access layer, ensuring that only trusted users on ‘healthy’ devices can access business systems.

Through a conditional access integration with Microsoft Entra ID, the tenant can enforce security policies, ensuring minimum device hygiene, such as OS version requirements, having a strong passcode enabled, or device security protocols. If a device doesn’t meet baseline requirements, access can be restricted.

The broader value proposition, however, is the identity-centric protection that Aura provides, beyond baseline policy compliance checks. Most of today’s attacks are identity driven through identity-based threat vectors: phishing, credential theft or misuse, and social engineering. The real problem is the human element. Aura Business for MSPs is designed to account for that reality. It helps reduce risk earlier in the chain by protecting the individual behind the device—detecting scams across email, SMS, and calls, monitoring for compromised credentials, and guiding users toward safer behavior. Traditional device management solutions, like MDM, were designed to protect the device, but– by default– mitigating human risk falls to education campaigns or trainings, leaving a gaping hole in protection.

Aura Business for MSPs helps close that critical gap in how access is secured - connecting identity, behavior, and device trust in a way that existing approaches don’t. It’s about shifting from reactive device control to proactive risk reduction.” This model reflects how attacks are actually happening. Credential theft, phishing, and social engineering continue to drive a large share of breaches, often originating outside corporate environments.

Reducing Operational Overhead for MSPs

For MSPs, this matters at an operational level. Managing BYOD through traditional endpoint tools often brings overhead and privacy concerns. Aura’s model avoids full device control and instead integrates with identity systems like Microsoft Entra ID to enforce conditional access policies. That allows MSPs to check device hygiene and restrict access without managing personal data directly.

The platform is also built for multi-tenant environments. MSPs get centralized visibility and policy control across customers, along with automated provisioning. At the same time, some of the burden shifts away from the service provider.

Coville explained how this plays out day to day: “Aura Business for MSPs was built with MSP operations in mind, specifically to avoid adding overhead. Deployment is lightweight, and policies can be managed centrally across clients through a multi-tenant dashboard. More importantly, Aura Business for MSPs shifts much of the day-to-day burden away from the MSP. When issues arise, like a device falling out of compliance or a risky behavior detected, the platform guides users to resolve them on their own. That reduces the need for helpdesk intervention.

Aura Business for MSPs also provides direct-to-user support, including 24/7 assistance, which further limits the number of tickets MSP teams need to handle. It also reinforces security habits over time. It’s not just a protective layer - it also supports better user awareness and behavior, which can reduce repeat issues and long-term risk.

Closing the Gap Without Adding Complexity

There is also a user-facing layer that extends beyond workplace access. Employees get protection against phishing, credential theft, and unsafe browsing across their personal devices. This reflects a broader reality: the line between personal and work environments has blurred, and attacks often move across both. Securing only the corporate side leaves gaps that attackers can exploit.

Coville framed the gap and Aura’s positioning clearly: “Unmanaged devices have become one of the largest - and least addressed - security gaps in the modern IT stack."

New research from Omdia shows that: The demand is there - 65% of MSPs have received client requests for BYOD security, with 45% reporting multiple clients are asking. The risk is obvious - 55% of MSPs reported having at least one BYOD-related security incident in the last 24 months.

But MSPs aren’t offering a solution. Coville highlights, "While 79% of MSPs monitor corporate laptops, only 24% of MSPs monitor employee-owned devices, even though these devices regularly access corporate data. Aura Business eliminates the tradeoff MSPs face today between leaving personal devices unmanaged or deploying MDM built for corporate-owned hardware, which often creates operational overhead and liability, as well as friction with the clients’ employees. The main reasons these MSPs haven’t formalized a BYOD offering are operational complexity – like requiring per-device configuration, manual enrollment, client-by-client policy scoping – and liability concerns stemming from direct management of personal devices."

Aura built this with MSPs so it wouldn’t be hard to roll out or manage. It doesn’t require deep control over personal devices. It’s quick to deploy, simple to run, and easy for employees to use. MSPs can use it on its own or alongside tools like MDM, adding a light, privacy-focused layer for BYOD. That helps reduce risk, improve client security, and create a steady new revenue stream.

For clients, the benefit is straightforward. Conditional access adds another layer of protection around company data, while giving employees a way to stay secure on their own devices. That lowers the chances of mistakes that can lead to security issues.

A New Revenue Path for MSPs

From a business perspective, Aura is positioning this as both a gap filler and a revenue opportunity. BYOD security has been difficult to package because of the tradeoffs between control, privacy, and operational effort. This approach gives MSPs a way to offer coverage without reworking their entire stack.

Coville described how MSPs can position it: “For many, Aura Business represents a new recurring revenue stream tied to a clear and growing demand. It allows them to monetize a problem that hasn’t been fully addressed. At the same time, if the MSP already provides a solution like MDM, Aura Business fits naturally into the stack, plugging an identity-based risk hole in the offering. MSPs don’t need to replace anything - they can simply add a layer of protection that strengthens and completes their current stack.”

Instead of forcing endpoint management onto personal devices, vendors are moving toward identity, access, and user-level protections. For MSPs, that creates a more practical path to deliver BYOD security without increasing operational complexity.

This also tells where client expectations are heading. As unmanaged devices become part of everyday work, securing them is moving from an edge case to a baseline requirement. Providers that can deliver that coverage in a way that scales across customers will be better positioned to meet that demand.

Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.

You can skip this ad in 5 seconds