
BYOD, Windows 10 force Azure AD registration for MAM to correctly apply

Mike Rowland
Contributor

Our BYOD policy requires us to lock down access to 365 via browser only and prevent data egress. We can do this using app protection but it only works 100% as required once the device is Azure AD registered. As far as I can see this is a user-driven task - this will never work as probably 50%+ of users wouldn't bother - is there a way to force a user down this route?

Or is there another option we haven't thought of?

Second issue is we have requirements around both MAM and MDM which is causing a headache but that's secondary. If I could fix issue 1 above then I can probably win the argument on the rest.

How is everyone else approaching Intune and BYOD?

1 Reply
Hi,

You can force them to use the Managed Apps using Conditional Access; then they will not be able to access the services using a non-managed app. Maybe some users will not bother but then they won't have access to their mail/calendar on their mobile device either.

Regards,
Jörgen
