BYOD security for desktops - Windows/Mac
What is the best method to secure a Windows or Mac BYOD device without enrolment? Can Intune App Protection policies be applied to desktop client applications - Teams/Outlook/Word/Excel/PowerPoint? E.g., If a user is allowed to use Outlook or Teams desktop app on their personal Windows laptop, can that user be prevented from downloading an attachment or a file from within teams. How about stopping the user from taking a screenshot? Or true BYOD security can only be achieved with enrolment of the device in Intune? If yes, it will be problematic as end users will not be happy to enrol their personal devices into Intune.Android Enterprise COPE Device Restrictions lacking basics (compared with (Personal) Work Profile)
I've noticed that the available options in Device Restrictions configuration profiles for COPE devices do not include the "Work profile settings" set, like the Personally-owned Work Profile Device Restriction configuration profiles do. Things like blocking copy/paste between Personal and Work profiles, essentially all the settings that are available and described here - https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-android-for-work#personally-owned-devices-with-a-work-profile-settings Does anyone know, is there a detour-like solution to get these controls available for COPE devices?
What BYOD options of deployment do I have with Intune
Hi all, We are in the process of looking at allowing users using their own laptops, mobile phones and/or tablets. I am unsure what options in Intune I have to allow access to company data and/or apps. We do currently use Intune MDM for iOS devices and a small number of Android mobile phones. (both are company owned devices). I am aware of MDM and MAM but unsure which one I want to use for personal devices. Those devices could be Windows 10 home laptops, Personal Android mobiles, Android tablets, iPhones or iPads. Can I use MDM and MAM simultaneously or do we have to pick one or the other? MAM as I understand it allows me to protect apps/data on devices that are not managed via Intune in supported applications where i can do rules such as do not allow to save or copy files from Onedrive to the local device. MDM is mobile device management where they can either be corporately enrolled or a user can enroll his/her own device.Securing data on BYOD
I am looking for some advice on best practice for protecting corporate data on personal Windows devices. All data is residing in O365 and and we already have App Protection Policies in place to protect data on iOS and Android devices. All users are licensed for O365 E5 EMS and AD P1. Our requirements are to only allow devices to access O365 data from Windows 10 devices with antivirus and disk encryption. We also want to restrict the ability to date data locally, outside of enterprise apps. We have tested with App Protection Policies and Conditional Access however are unable to get the policies to take effect. Any advice on the best approach to achieve this would be greatly appreciated!
