Securing data on BYOD

scurrier · ‎Jan 06 2020

I am looking for some advice on best practice for protecting corporate data on personal Windows devices. All data is residing in O365 and and we already have App Protection Policies in place to protect data on iOS and Android devices.

All users are licensed for O365 E5 EMS and AD P1. Our requirements are to only allow devices to access O365 data from Windows 10 devices with antivirus and disk encryption. We also want to restrict the ability to date data locally, outside of enterprise apps.

We have tested with App Protection Policies and Conditional Access however are unable to get the policies to take effect.

Any advice on the best approach to achieve this would be greatly appreciated!

Dean Gross · ‎Jan 06 2020

@scurrier have you seen https://docs.microsoft.com/en-us/intune/apps/apps-add-office365 and https://docs.microsoft.com/en-us/intune/apps/lob-apps-windows.

You may also want to enroll Windows Defender ATP in MCAS, https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration

The MIP SDK could also be of interest https://docs.microsoft.com/en-us/information-protection/develop/setup-configure-mip and this overview of the entire MIP portfolio describes the big picture https://www.microsoft.com/en-us/security/technology/information-protection

Moe_Kinani · ‎Jan 06 2020

Use Windows Information Protection and Conditional Access, please refer to the article below, it explains how to use WIP with Conditional Access.

https://www.inthecloud247.com/force-windows-information-protection-with-conditional-access/

I would also restrict Download of SharePoint content on Personal Devices, this can be done by Conditional Access as well.

Let me know if you have any questions!

Moe

Securing data on BYOD

Securing data on BYOD

Re: Securing data on BYOD

Re: Securing data on BYOD

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Securing data on BYOD