Are you protecting corporate data on personal phones?

The Bring Your Own Device (BYOD) Challenge

With the increased use of Microsoft Teams and Outlook, more and more people are using their personal devices to access corporate productivity tools and data.

Historically the approach (in many cases) has been to provide a corporate device with traditional controls in place, designed to limit the use and potential risk of data loss.

If controls are not in place, employees might be saving work data onto their personal phones, with no assurance over the security of the device or where the data has travelled from the phone.

Why can’t I use my personal phone?

The primary challenge with personal phone use has been limiting the risk of a data breach, whilst ensuring the applications can be accessed in a manner that is not prohibitive.

Bring-your-own-device (BYOD) use in many cases has either been

• Fully embraced (experience delivered via existing tooling)
• Unapproved and advise on having a work device
• Unapproved but not technically prohibited
• It just happens (because its allowed by default in Office 365)

Some of the Device Challenges Include

• who is accessing work resources?
• Is the data secured?
• Is the experience easy for our staff?
• What is the support team overhead?

Use Any Device

With Intune, it is possible to meet the demands of the modern workplace and secure the use of personal devices. Controls can be put in place to protect any 365 data for any existing or new device (iOS or Android).

This can take affect immediately for any existing device, immediately securing the existing BYOD use.

How is this achieved?

The approach is delivered by securing the identity and application, not by directly securing the device.

Application & Identity Protection

By using an mixture of tools with the Azure/365 suite, it is possible to apply controls against the 365 application suite (including Microsoft Edge) when a work identity is used to sign in.

Using this approach, work data is kept separate from personal data, with the option to securely “wipe” the corporate data if required.

The Experience

The Impact on the Support Team

Integys approach is designed to be “light touch” and effective to all staff, whilst requiring little involvement from the IT support team.

After a successful pilot, the policy can be implemented immediately to all staff who are using their work credentials onto a personal device.

Once an employee has been added to the policy, it is affective on

• any and every device on iOS and Android, already in use
• any future device which they log into

The policy mandates no jailbroken or rooted devices and provides a level of device compliance.

Corporate data can be remotely wiped from the device.

The Employee Experience

Depending on the type of phone used, the experience is automated and guides the employee through the process. A range of on screen prompts will guide you through and requirements.

To aid the experience, we can provide a guide on first use, for both iOS and Android.

Microsoft Purview | Securing Your Data

Many organisations are already licensed to use further data controls within Azure/365, such as

• Data Loss Prevention policies (protecting what can leave your organisation)
• Defender for Cloud Apps (securing applications, anywhere)
• Security Labels for files (i.e. limiting the flow of confidential files)
• Data Lifecycle Management

Securing the mobile experience is the beginning of a journey to secure your data, to discuss the options of how to further your estate, contact us at [email protected]

#m365 #intune #byod #cybersecurity #dataprotection

Written by Cameron Stephens