Forum Discussion

StuartK73's avatar
StuartK73
Iron Contributor
Oct 21, 2019

BYOD Policy Assignment

Hi All

With regards to BYOD, is it best to create a separate assignment group for policies etc?

For example:

App protection policy for Managed Devices
No app PIN when device is managed
Assigned to Intune Test Group


App protection policy for Unmanaged Devices
App PIN for targeted apps
Assigned to Intune BYOD Test Group

Info appreciated
  • halbot's avatar
    halbot
    Brass Contributor

    Hi StuartK73 

    I would avoid this if at all possible. What happens if a user has a provided (enrolled) device, and also wants to BYOD their own?

    With PIN however you should not have an issue, if you look at the info for setting 'App PIN when device PIN is set', it says that this applies to MDM enrolled devices only. So you can set that and the app PIN will still be required for BYOD (MAM) devices, since it is the app which is protected and not the device.

    • StuartK73's avatar
      StuartK73
      Iron Contributor
      Yeah, are you suggesting 1 X App Protection policy per OS platform for both managed / unmanaged devices and the require app PIN when MDM not present?

Resources