Securing data on BYOD

I am looking for some advice on best practice for protecting corporate data on personal Windows devices. All data is residing in O365 and we already have App Protection Policies in place to protect data on iOS and Android devices.

All users are licensed for O365 E5 EMS and AD P1. Our requirements are to only allow devices to access O365 data from Windows 10 devices with antivirus and disk encryption. We also want to restrict the ability to date data locally, outside of enterprise apps.

We have tested with App Protection Policies and Conditional Access, however are unable to get the policies to take effect.

Any advice on the best approach to achieve this would be greatly appreciated!

2 Replies
Use Windows Information Protection and Conditional Access. Please refer to the article below; it explains how to use WIP with Conditional Access.

https://www.inthecloud247.com/force-windows-information-protection-with-conditional-access/

I would also restrict download of SharePoint content on personal devices; this can be done by Conditional Access as well.

Let me know if you have any questions!

Moe
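
One way to set up the SharePoint download restriction mentioned in the reply above, as an added example that is not part of the thread or the linked article. It assumes the SharePoint Online Management Shell and the Microsoft.Graph.Identity.SignIns module are installed; the admin URL, the policy name and the break-glass account ID are placeholders, and the policy is created in report-only mode.

```powershell
# Added example. Placeholder values are marked; replace them before running.
$AdminUrl     = 'https://contoso-admin.sharepoint.com'      # placeholder tenant admin URL
$BreakGlassId = '00000000-0000-0000-0000-000000000000'      # placeholder: emergency-access account object ID
$SharePointId = '00000003-0000-0ff1-ce00-000000000000'      # Office 365 SharePoint Online app ID

# SharePoint side: devices that are not compliant or hybrid-joined get
# browser-only access with download, print and sync blocked.
Connect-SPOService -Url $AdminUrl
Set-SPOTenant -ConditionalAccessPolicy AllowLimitedAccess

# Azure AD side: a Conditional Access policy that passes device state to
# SharePoint ("use app enforced restrictions") for browser sessions on Windows.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$policy = @{
    displayName = 'EXAMPLE - SharePoint limited access on unmanaged Windows'   # hypothetical name
    state       = 'enabledForReportingButNotEnforced'   # report-only until sign-in logs look right
    conditions  = @{
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($BreakGlassId)
        }
        applications   = @{ includeApplications = @($SharePointId) }
        platforms      = @{ includePlatforms = @('windows') }
        clientAppTypes = @('browser')
    }
    sessionControls = @{
        applicationEnforcedRestrictions = @{ isEnabled = $true }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Confirm what was stored before switching state to 'enabled'.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State, Id
```

Both halves are needed: the tenant setting alone has no device signal to act on, and the Conditional Access session control alone does nothing unless SharePoint is set to limit unmanaged devices.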