This blog post describes the key concepts of the "Bring Your Own Device" (BYOD) scenario and suggests measures you can use to mitigate the risks associated with allowing BYOD in your organization.
Bring Your Own Device, commonly known as "BYOD", allows employees to use their personally owned device(s) for work purposes, giving them access to corporate data/resources on those personal devices.
A few basic advantages of allowing BYOD in your organization are:
Like any other technology, it also has its own disadvantages:
Before allowing your users/employees to enrol their personal devices in your MDM solution, determine what you want to achieve with BYOD. A few things to consider:
Before jumping on to BYOD, you must think and plan for the alternatives to allowing users to enrol their personal devices in your MDM solution.
Different platforms provide different combinations for this. Android, for example, has the below four options to choose from for configuring & planning your mobile landscape:
At the same time, the iOS family also has its own configurations to support this:
As the saying goes, there is no one-size-fits-all solution; it is recommended that you carefully plan your BYOD solution by mixing both approaches, i.e. Corporate Owned + Personal Owned.
Before configuring any policies or profiles in your MDM solution, write down all possible considerations for using BYOD:
The list is endless, but you might have an overview of how you will plan the rollout of the BYOD service.
Once you have ironed out all the aspects of introducing BYOD for your users, the next most important step is to define security controls to ensure that there is no leakage of corporate data from end users' personal devices.
The security measures depend upon the deployment approach you choose for BYOD. A few mandatory measures to enforce are:
The components that make up the BYOD are illustrated below:
The following components of Microsoft Intune should be used for configuring BYOD:
Conditional Access
An example for configuring CA for your BYOD is as below:
App Configuration Policies
App protection policies are applied to your corporate apps/data enabling additional layers of security; an example:
Device Enrolment Restrictions
Device Enrolment Restrictions can be used to manage enrolment restrictions that define what & how many devices can enrol into management with Intune.
Microsoft Cloud App Security
If you have M365 E5 then Microsoft Cloud App Security (MCAS) can be used
Session Controls
You can use session controls for cloud apps to control in-session activities and can also apply access controls to block the same set of native mobile and desktop client apps, thereby providing comprehensive security for the apps.
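The Conditional Access, app protection and session control pieces above can be checked together on an exported policy. The following is an added example, not configuration from the original post: a small Python check over a policy in the Microsoft Graph `conditionalAccessPolicy` JSON shape. The sample policy, its name and the choice of checks are assumptions made for illustration.

```python
import json

# Constructed sample in the Microsoft Graph conditionalAccessPolicy JSON shape.
# The name, scoping and weak settings are assumptions chosen for illustration.
SAMPLE_POLICY = json.loads("""
{
  "displayName": "BYOD - mobile access (constructed sample)",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {"includeUsers": ["All"]},
    "applications": {"includeApplications": ["Office365"]},
    "platforms": {"includePlatforms": ["android"]},
    "clientAppTypes": ["mobileAppsAndDesktopClients"]
  },
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
  "sessionControls": null
}
""")

MOBILE = {"android", "iOS"}
# "Require app protection policy" / "Require approved client app" grant controls
APP_CONTROLS = {"compliantApplication", "approvedApplication"}


def byod_findings(policy):
    """Return the gaps that weaken a Conditional Access policy meant for BYOD."""
    findings = []
    cond = policy.get("conditions") or {}
    if policy.get("state") != "enabled":
        findings.append("policy is not enforced (state=%s)" % policy.get("state"))
    plat = cond.get("platforms")
    if plat:  # an absent platform condition means every platform is in scope
        included = set(plat.get("includePlatforms") or [])
        missing = set() if "all" in included else MOBILE - included
        missing |= MOBILE & set(plat.get("excludePlatforms") or [])
        if missing:
            findings.append("mobile platforms not covered: " + ", ".join(sorted(missing)))
    controls = set((policy.get("grantControls") or {}).get("builtInControls") or [])
    if not controls & APP_CONTROLS:
        findings.append("no app protection or approved-app grant control")
    if {"browser", "all"} & set(cond.get("clientAppTypes") or []):
        mcas = (policy.get("sessionControls") or {}).get("cloudAppSecurity") or {}
        if not mcas.get("isEnabled"):
            findings.append("browser access has no Cloud App Security session control")
    return findings


if __name__ == "__main__":
    for finding in byod_findings(SAMPLE_POLICY):
        print("-", finding)
```

Run against the constructed sample, it reports a report-only policy, missing iOS coverage and the absence of an app protection grant control.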
I hope that with this post you will be able to support the use of Bring Your Own Device (BYOD) scenarios in your organisations by allowing the use of personal devices along with securing access to your corporate data.
The next post will be a step-by-step enrollment guide for enrolling a personal iOS & Android device in Intune. Stay In(tuned).
Image by macrovector on Freepik