Managing BYOD Devices

Part 1 – Synopsis of New Series

Going into a new series once again around modern device management, and perhaps an area not written about much at all.

Here we will be going into depth in regard to managed devices specifically around the BYOD (Bring your own device)

Whilst there is tremendous convenience of using a BYOD policy the areas of management and security for this can start to get very complex.

This series will start to look at how we can understand the differences and the separations between how we manage corporate devices and also BYOD devices.

The below categories are how we are going to look further into BYOD device management within the new series.

Device Enrolment: Key to BYOD Device Management

The first initial area in this instance will be regarding the device enrolment. The Strategy and planning of how a device would be onboarded or recognized within your M365 environment plays a very important role.

This can derive from using a device enrolment policy, enrolment from a Microsoft Office application as well as going to more explicit grounds of the Enrolment device platform restrictions where we can specifically define which type of enrolment methods we will actually allow.

Figure 1.1

Figure 1.1 – Device enrolment platform restrictions

What we really have to establish on the first basis is that in order for us to manage and handle devices within an organization effectively is that we cannot lump together corporate devices alongside BYOD devices due to the huge gap in the roles that they play within the organization. So very careful planning has to go into the decision-making process on how we move forward.

Compliance/Conditional Access Policies

Another area of focus is we will go into how we will construct conditional access policies. And keeping to the strategy that we are wanting to construct this separate from how we would deal with an onboarded company device.

The compliance policies will come more into play once we have agreed on the defined access policies for the BYOD devices.

Security Baselines & Patch Maintenance: Crucial to BYOD Device Management

An important part of the BYOD management will of course be around the hardening of the devices within the security baselines within Endpoint Management.

There are of course default baselines that are applied where applicable, but we may need to define our own explicit criteria for looking specifically at those devices.

Figure 1.2 -Default Security Baselines Applied

The same can also be said for the update deployment through update rings and autopatch where applicable so this may be more geared towards Windows-based devices, but there will be focus and elements across the non-windows devices when it comes to the security aspect of BYOD management.

MAM Policies

Another point of interest is the development of MAM policies for when handling BYOD devices so that we are able to have a segment of control in regard to the configuration of the company-level applications as well as what data can be accessed as well as restricted when using these applications on company premises.

Next On Part 2

Part 2 is where we will dive further into the device enrolment section of this new series, this will not just focus on Windows Devices but across all mobile devices platforms also and should be a very in-depth planning part of the series for this area.

For comprehensive end-point management services, trust WME to streamline your BYOD ecosystem effectively.



Contact Us

On Key

More Posts

WME Cybersecurity Briefings No. 005
Cyber Security

WME Security Briefing 15 April 2024

E-Commerce Security Alert: Unveiling Magecart’s Persistent Backdoor Overview Malicious activities by Magecart attackers have been reported. They are targeting Shopify’s content delivery network (CDN) by creating fake Shopify stores. The backdoor method has enabled them to

Read More »
WME Cybersecurity Briefings No. 004
Cyber Security

WME Security Briefing 11 April 2024

Mispadu Trojan Exploits Windows Vulnerability to Target Financial Data Overview The Mispadu banking trojan has intensified its operations as it’s exploiting an already patched Windows SmartScreen flaw. Since its initial identification in 2019, Mispadu has primarily preyed on

Read More »
WME Cybersecurity Briefings No. 003
Cyber Security

WME Security Briefing 29 March 2024

Russian hackers escalating their cyber warfare, deploying TinyTurla-NG to breach European NGOs. Cisco Talos reveals a targeted attack against organizations advocating democracy and supporting Ukraine. With their sophisticated methods, these cyber attackers are bypassing antivirus defenses

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.