Forum Discussion
Protect org data on BYOD Windows / macOS devices
Hi All
I hope you are well.
Anyway, I have a need to protect org data on:
- Windows personal / BYOD devices
- macOS personal / BYOD devices
What's the best way to achieve this?
My thinking is:
- 1 X Conditional Access policy that blocks
- 1 X Conditional Access policy that allows via Edge, no persistent session, no downloads etc
- Device filter on both policies that target unmanaged devices
Any other suggestions?
SK
3 Replies
Your Conditional Access setup is a strong baseline, but it mainly controls access, not how data is used.
To strengthen BYOD protection, combine it with a CASB like Microsoft Defender for Cloud Apps.
This enables:
- Real-time session control (block downloads, read-only)
- Inline DLP based on sensitivity
- Control of user actions (copy/paste, uploads)

CA + CASB is a proven approach to protect org data on unmanaged Windows/macOS devices without requiring enrollment.

- rahuljindal, Bronze Contributor
By "protect", do you want to restrict access on BYO, or allow access with DLP controls?

- StuartK73, Steel Contributor
Apologies, I should have been more specific.
Anyway, we would like "allow access with DLP controls" for Windows and macOS devices only.
We already have APP in place for Android and iOS unmanaged / BYOD devices.
SK
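
The two-policy layout discussed in this thread, sketched with the Microsoft Graph PowerShell SDK as an added example that is not part of any post above. The display names, the "all users / all apps" scope, the device filter rule and the break-glass placeholder are assumptions; the Edge-only requirement from the original post is not expressed here, and the download block relies on Defender for Cloud Apps being onboarded.

```powershell
# Added example, not from the thread. Assumes the Microsoft.Graph.Identity.SignIns
# module and a Graph session with the Policy.ReadWrite.ConditionalAccess scope.
Import-Module Microsoft.Graph.Identity.SignIns

# Assumption: "unmanaged" = not marked compliant AND not Entra hybrid joined.
# Unregistered devices carry no device properties, so negative operators
# in include mode match them as well.
$unmanagedRule = 'device.isCompliant -ne True -and device.trustType -ne "ServerAD"'

# Shared conditions; only the client app type differs between the two policies.
function New-ByodConditions([string[]]$ClientAppTypes) {
    @{
        users          = @{
            includeUsers = @('All')
            # Placeholder: replace with the object ID of an emergency-access account.
            excludeUsers = @('<break-glass-object-id>')
        }
        applications   = @{ includeApplications = @('All') }
        platforms      = @{ includePlatforms = @('windows', 'macOS') }
        clientAppTypes = $ClientAppTypes
        devices        = @{ deviceFilter = @{ mode = 'include'; rule = $unmanagedRule } }
    }
}

# Policy 1: block desktop and mobile client apps on unmanaged Windows/macOS.
$blockPolicy = @{
    displayName   = 'BYOD Win-macOS: block client apps (constructed name)'
    state         = 'enabledForReportingButNotEnforced'   # report-only while testing
    conditions    = New-ByodConditions @('mobileAppsAndDesktopClients')
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# Policy 2: allow browser access, constrained by session controls only.
$browserPolicy = @{
    displayName     = 'BYOD Win-macOS: restricted browser session (constructed name)'
    state           = 'enabledForReportingButNotEnforced'
    conditions      = New-ByodConditions @('browser')
    sessionControls = @{
        persistentBrowser = @{ isEnabled = $true; mode = 'never' }
        cloudAppSecurity  = @{ isEnabled = $true; cloudAppSecurityType = 'blockDownloads' }
    }
}

foreach ($policy in $blockPolicy, $browserPolicy) {
    New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
}
```

Both policies are created in report-only state so the sign-in logs can be reviewed for unintended matches before enforcement.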