Securing data on BYOD
I am looking for some advice on best practice for protecting corporate data on personal Windows devices. All data is residing in O365 and we already have App Protection Policies in place to protect data on iOS and Android devices.
All users are licensed for O365 E5 EMS and AD P1. Our requirements are to only allow devices to access O365 data from Windows 10 devices with antivirus and disk encryption. We also want to restrict the ability to date data locally, outside of enterprise apps.
We have tested with App Protection Policies and Conditional Access; however, we are unable to get the policies to take effect.
Any advice on the best approach to achieve this would be greatly appreciated!
- Dean_Gross (Silver Contributor)
scurrier, have you seen https://docs.microsoft.com/en-us/intune/apps/apps-add-office365 and https://docs.microsoft.com/en-us/intune/apps/lob-apps-windows?
You may also want to enroll Windows Defender ATP in MCAS, https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration
The MIP SDK could also be of interest https://docs.microsoft.com/en-us/information-protection/develop/setup-configure-mip and this overview of the entire MIP portfolio describes the big picture https://www.microsoft.com/en-us/security/technology/information-protection
- Moe_Kinani (Bronze Contributor)
Use Windows Information Protection and Conditional Access, please refer to the article below, it explains how to use WIP with Conditional Access.
https://www.inthecloud247.com/force-windows-information-protection-with-conditional-access/
I would also restrict Download of SharePoint content on Personal Devices, this can be done by Conditional Access as well.
Let me know if you have any questions!
Moe