Managing BYOD Devices

Part 1 – Synopsis of New Series

Going into a new series once again around modern device management, and perhaps an area not written about much at all.

Here we will be going into depth in regard to managed devices specifically around the BYOD (Bring your own device)

Whilst there is tremendous convenience of using a BYOD policy the areas of management and security for this can start to get very complex.

This series will start to look at how we can understand the differences and the separations between how we manage corporate devices and also BYOD devices.

The below categories are how we are going to look further into BYOD device management within the new series.

Device Enrolment: Key to BYOD Device Management

The first initial area in this instance will be regarding the device enrolment. The Strategy and planning of how a device would be onboarded or recognized within your M365 environment plays a very important role.

This can derive from using a device enrolment policy, enrolment from a Microsoft Office application as well as going to more explicit grounds of the Enrolment device platform restrictions where we can specifically define which type of enrolment methods we will actually allow.

Figure 1.1

Figure 1.1 – Device enrolment platform restrictions

What we really have to establish on the first basis is that in order for us to manage and handle devices within an organization effectively is that we cannot lump together corporate devices alongside BYOD devices due to the huge gap in the roles that they play within the organization. So very careful planning has to go into the decision-making process on how we move forward.

Compliance/Conditional Access Policies

Another area of focus is we will go into how we will construct conditional access policies. And keeping to the strategy that we are wanting to construct this separate from how we would deal with an onboarded company device.

The compliance policies will come more into play once we have agreed on the defined access policies for the BYOD devices.

Security Baselines & Patch Maintenance: Crucial to BYOD Device Management

An important part of the BYOD management will of course be around the hardening of the devices within the security baselines within Endpoint Management.

There are of course default baselines that are applied where applicable, but we may need to define our own explicit criteria for looking specifically at those devices.

Figure 1.2 -Default Security Baselines Applied

The same can also be said for the update deployment through update rings and autopatch where applicable so this may be more geared towards Windows-based devices, but there will be focus and elements across the non-windows devices when it comes to the security aspect of BYOD management.

MAM Policies

Another point of interest is the development of MAM policies for when handling BYOD devices so that we are able to have a segment of control in regard to the configuration of the company-level applications as well as what data can be accessed as well as restricted when using these applications on company premises.

Next On Part 2

Part 2 is where we will dive further into the device enrolment section of this new series, this will not just focus on Windows Devices but across all mobile devices platforms also and should be a very in-depth planning part of the series for this area.

For comprehensive end-point management services, trust WME to streamline your BYOD ecosystem effectively.



Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.