BYOD security for desktops - Windows/Mac


What is the best method to secure a Windows or Mac BYOD device without enrolment? Can Intune App Protection policies be applied to desktop client applications (Teams/Outlook/Word/Excel/PowerPoint)? E.g., if a user is allowed to use the Outlook or Teams desktop app on their personal Windows laptop, can that user be prevented from downloading an attachment or a file from within Teams? How about stopping the user from taking a screenshot?

Or can true BYOD security only be achieved with enrolment of the device in Intune? If so, it will be problematic, as end users will not be happy to enrol their personal devices into Intune.


6 Replies

App protection for Windows --> Windows Information Protection --> the user needs to be in the MAM scope. And of course configure WIP :).

Force Windows Information Protection with Conditional Access | (inthecloud247.com)

But WIP is not my cup of tea... I'd rather just make sure all devices are managed and enforced with Conditional Access... but that is only me :)

BYOD is great for mobile devices... :)

Hi gurdev,

As Rudi already mentioned, for mobile devices with iOS/iPadOS/Android you can use mobile app protection policies without enrollment.

For Windows you can use WIP (Windows Information Protection) to separate corporate data from personal data and provide a minimum level of protection.

You can use Azure Information Protection to protect your data, and it is also possible to combine it with WIP.

For macOS it is not possible to use app protection policies. I know you asked about protecting the desktop apps, but I want to make you aware of another solution that you can use.

You can also use the online versions of Office and Microsoft Defender for Cloud Apps to protect against, for example, copy/paste/print.

https://janbakker.tech/control-access-from-unmanaged-devices-with-cloud-app-security/

Kind regards,

Rene

As Rudi :p ? Who is that :)

MCAS... ehhh, Defender for Cloud Apps is indeed also a great addition to securing your BYOD devices and accessing data from your browser.

Sorry, I am so sorry Rudy! It was early haha
Thanks @Mr_Helaas & @Rudy_Ooms_MVP.

I wanted to check if you ever recommend enrolment for a BYOD device. In my opinion enrolling a BYOD device is a no-go, as the device is owned by the user and enrolling it brings the device under management of MDM, which means the organisation can do pretty much what it likes with it. Now, most organisations will not do anything stupid with their users' devices, but that's not the point. If an organisation requires enrolment, then it must provide a corporate-owned device to the user.

So for a BYOD solution:
Android/iOS: Intune MAM without enrolment
Windows/macOS: Browser-only limited web access on personal devices, or use Windows Virtual Desktop.
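The "browser-only, limited access on unmanaged Windows/macOS" model above can be expressed as two Conditional Access policies. The following is an added example, not code from the thread or from Microsoft: it creates the policies through the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed, that `Connect-MgGraph` has already been run with the `Policy.ReadWrite.ConditionalAccess` scope, and that `$BreakGlassGroupId` (a hypothetical placeholder) is the object ID of your emergency-access group. The first policy blocks the desktop and mobile clients (Outlook, Teams, Word and so on) unless the device is Intune-compliant or hybrid-joined; the second lets browser sessions through but hands them to the app-enforced restrictions of SharePoint/Exchange Online and to Defender for Cloud Apps session control, which is where download/copy/paste/print restrictions are defined.

```powershell
# Added example (not from the thread). Assumes Connect-MgGraph was run with
# Policy.ReadWrite.ConditionalAccess; $BreakGlassGroupId is a hypothetical placeholder.
param(
    [Parameter(Mandatory)] [string] $BreakGlassGroupId
)

$uri = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"

# Policy 1: on Windows and macOS, desktop/mobile client apps are only granted
# access from a compliant (Intune) or hybrid-joined device. A personal laptop
# that is neither is blocked at sign-in for those clients; the browser is unaffected.
$blockDesktopClients = @{
    displayName = "BYOD - Block desktop clients on unmanaged Windows/macOS"
    state       = "enabledForReportingButNotEnforced"   # report-only first; switch to "enabled" after review
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeGroups = @($BreakGlassGroupId) }
        applications   = @{ includeApplications = @("Office365") }   # built-in Office 365 app group
        platforms      = @{ includePlatforms = @("windows", "macOS") }
        clientAppTypes = @("mobileAppsAndDesktopClients")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("compliantDevice", "domainJoinedDevice")
    }
}

# Policy 2: browser sessions on the same platforms are allowed, but only for
# devices that are neither compliant nor hybrid-joined, and with session controls:
#  - applicationEnforcedRestrictions: SharePoint/Exchange Online apply their
#    "limited access" behaviour (view in browser, no download/print/sync).
#  - cloudAppSecurity (mcasConfigured): the session is proxied through Defender
#    for Cloud Apps, where block-download / copy/paste / print session policies live.
$restrictBrowser = @{
    displayName = "BYOD - Restricted browser access on unmanaged Windows/macOS"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeGroups = @($BreakGlassGroupId) }
        applications   = @{ includeApplications = @("Office365") }
        platforms      = @{ includePlatforms = @("windows", "macOS") }
        clientAppTypes = @("browser")
        devices        = @{
            deviceFilter = @{
                mode = "include"
                # Negative operators also match devices with no object in Entra ID,
                # which is exactly the unregistered personal laptop case.
                rule = 'device.isCompliant -ne True -and device.trustType -ne "ServerAD"'
            }
        }
    }
    sessionControls = @{
        applicationEnforcedRestrictions = @{ isEnabled = $true }
        cloudAppSecurity                = @{ isEnabled = $true; cloudAppSecurityType = "mcasConfigured" }
    }
}

foreach ($policy in @($blockDesktopClients, $restrictBrowser)) {
    $body    = $policy | ConvertTo-Json -Depth 10
    $created = Invoke-MgGraphRequest -Method POST -Uri $uri -Body $body -ContentType "application/json"
    "{0}  ->  {1}  ({2})" -f $created.displayName, $created.id, $created.state
}
```

Both policies are created in report-only mode so the sign-in logs show who would be affected before anything is enforced. The second policy only does something useful if SharePoint Online's limited-access setting is enabled for unmanaged devices and the Office 365 apps are onboarded to Defender for Cloud Apps conditional access app control; without those, the session controls are inert. Neither policy addresses the screenshot question from the original post: Conditional Access and session controls govern what the service hands to the browser, not what the operating system lets the user capture from the screen.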


Check the response on the post you created :)