Forum Discussion
Gurdev Singh
Jan 20, 2022 · Iron Contributor
BYOD security for desktops - Windows/Mac
What is the best method to secure a Windows or Mac BYOD device without enrolment? Can Intune App Protection policies be applied to desktop client applications - Teams/Outlook/Word/Excel/PowerPoint? E...
Mr_Helaas
Jan 20, 2022 · Iron Contributor
Hi Gurdev,
As Rudi already mentioned, for mobile devices with iOS/iPadOS/Android you can use mobile app protection policies without enrollment.
For Windows you can use WIP (Windows Information Protection) to separate personal data from corporate data and provide a minimum of protection.
You can use Azure Information Protection to protect your data, and it is also possible to combine it with WIP.
For macOS it is not possible to use app protection policies. I know you’ve asked to protect the desktop apps, but I want to make you aware of another solution that you can use.
You can also use the online version of Office and Microsoft Defender for Cloud Apps to protect, for example, copy/paste/print.
https://janbakker.tech/control-access-from-unmanaged-devices-with-cloud-app-security/
Kind regards,
Rene
- Jan 20, 2022
As Rudi 😛 ? who is that 🙂
MCAS..ehhh Defender for Cloud Apps is indeed also a great addition to securing your BYOD devices and accessing data from your browser
- Mr_Helaas · Jan 20, 2022 · Iron Contributor
Sorry I am so sorry Rudy! It was early haha
- Gurdev Singh · Jan 21, 2022 · Iron Contributor
Thanks Mr_Helaas & Rudy_Ooms_MVP.
I wanted to check if you ever recommend enrolment for a BYOD device. In my opinion enrolling a BYOD device is a no-go, as the device is owned by the user and enrolling it brings the device under management of MDM, which means the Organisation can do pretty much what they like with it. Now, most Organisations will not do anything stupid with their users' devices, but that's not the point. If the Organisation requires enrollment then they must provide a corporate-owned device to the user.
So for a BYOD solution:
Android/iOS: Intune MAM without enrolment
Windows/Mac: Browser-only limited web access on personal devices, or use Windows Virtual Desktop.