Forum Discussion

Gurdev Singh's avatar
Gurdev Singh
Iron Contributor
Jan 20, 2022

BYOD security for desktops - Windows/Mac

What is the best method to secure a Windows or Mac BYOD device without enrolment? Can Intune App Protection policies be applied to desktop client applications - Teams/Outlook/Word/Excel/PowerPoint? E.g., If a user is allowed to use Outlook or Teams desktop app on their personal Windows laptop, can that user be prevented from downloading an attachment or a file from within teams. How about stopping the user from taking a screenshot?

 

Or true BYOD security can only be achieved with enrolment of the device in Intune? If yes, it will be problematic as end users will not be happy to enrol their personal devices into Intune. 

 

 

 

 

  • Mr_Helaas's avatar
    Mr_Helaas
    Steel Contributor
    Hi gurdev,

    As Rudi already mentioned for mobile device with iOS/iPadOS/Android you can use mobile app protection policies without enrollment.

    For windows you can use wip (windows information protection) to separate personal data from corporate data and personal data and a minimum protection.

    You can use azure information protection to protect your data and it is also possible to combine it with wip.

    For macOS is it not possible to use app protection policies. I know you’ve asked to protect the desktop apps but I want to make you aware of another solution what you can use.

    You can also use the online version of office and microsoft defender for Cloud apps to protect for example copy/paste/print.

    https://janbakker.tech/control-access-from-unmanaged-devices-with-cloud-app-security/

    Kind regards,

    Rene

    • As Rudi 😛 ? who is that 🙂
      MCAS..ehhh Defender for cloud apps is indeed also a great addition into securing your byod devices and accessing data from your browser
      • Mr_Helaas's avatar
        Mr_Helaas
        Steel Contributor
        Sorry I am so sorry Rudy! It was early haha

Resources