It's unreal to think that only ten years ago most mid-to-large enterprise companies were still handing out BlackBerry smartphones to significant numbers of their workforces. But the key reason those companies liked the BlackBerry was that its security and management capabilities outstripped all competitors. Although many Millennial workers cannot imagine an employer without a bring your own device (BYOD) policy, the fact is that BYOD is still relatively new, and it doesn't just happen. Everyone in IT who works with BYOD policies knows that adding a personal iPad or Android phone to a corporate network must be done in a way that both protects the company's corporate assets and provides the employee with a seamless working experience.
For a little over a year, Amaxra has used a combination of Microsoft Intune and Enterprise Mobility + Security (EMS) to manage the business apps and corporate data accessible to our employees on their mobile devices. It's been crucial for us to delineate between the business and personal because of Amaxra's BYOD policy. We owe much of our business agility to investing in Office 365 and embracing the cloud early. But it wasn't until we leveraged the mobile device management and mobile application management capabilities of Intune and EMS that we took secure BYOD to the next level.
How we use Intune
We wanted to provide an increased level of security for Amaxra's assets to ensure our customer data, emails, contacts, and other Amaxra intellectual property are inaccessible as soon as an employee leaves the company. We chose Microsoft Intune to manage our systems due to its ability to operate across multiple device platforms. We configured Intune with a BYOD policy that allowed devices connected to Amaxra's network to use only managed apps, not unmanaged apps. The best example of how this Intune policy worked was that Amaxra employees could not access their corporate email using the native Apple Mail app in iOS or the Gmail app built into Google Android.
Our IT department can log into our Intune Dashboard to see how many iOS and Android users are currently managed under the policies.
With Intune, we can target multiple apps including Microsoft Outlook, Microsoft Dynamics 365 CRM, SharePoint, and the latest Microsoft Teams app running on any of the major operating systems. In this example, we are using the Targeted Apps setting to enact policies for iOS devices at Amaxra:
You can add apps that are available in Apple, Google, and Microsoft app stores, or apps that are developed in-house for your organization. Most of the big names in enterprise apps such as Adobe Acrobat and SAP have built-in Targeted App policies, and Microsoft is constantly adding more apps for both Android and iOS.
Better BYOD with Enterprise Mobility + Security
In addition to Intune, we added Microsoft Enterprise Mobility + Security (EMS) to give us granular control over the data that Amaxra devices can access. Adding EMS is important to a company's BYOD strategy because it provides you with the capability of separating corporate data from personal data. That's crucial for ensuring your company's customer contacts and intellectual property are accessible but not mixed in with personal contacts and data on a user's personal device. We've enacted policies that limit the ability of Amaxra devices to copy-and-paste or otherwise move secure Amaxra data to the personal device.
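As an added example (not Amaxra's configuration and not Microsoft's code), the following Python audits an exported app protection policy for the settings that keep corporate data separate from personal data. The property names and enum values follow the Microsoft Graph managedAppProtection resource; the required values and both sample policies are assumptions constructed for illustration.

```python
# Added example: audit exported Intune app protection policies for the
# corporate/personal data separation described above.

# Settings and the values this example accepts as "managed apps only".
# Names follow the Microsoft Graph managedAppProtection resource; the choice
# of acceptable values is this example's assumption, not a vendor baseline.
REQUIRED = {
    "allowedOutboundClipboardSharingLevel": {"managedApps", "managedAppsWithPasteIn", "blocked"},
    "allowedOutboundDataTransferDestinations": {"managedApps", "none"},
    "allowedInboundDataTransferSources": {"managedApps", "none"},
    "saveAsBlocked": {True},
    "dataBackupBlocked": {True},
    "contactSyncBlocked": {True},
}

# Constructed sample policies (not real tenant data).
SAMPLE_POLICIES = [
    {   # permissive: copy/paste and data transfer to any app, backup unset
        "displayName": "iOS BYOD (constructed, permissive)",
        "allowedOutboundClipboardSharingLevel": "allApps",
        "allowedOutboundDataTransferDestinations": "allApps",
        "allowedInboundDataTransferSources": "managedApps",
        "saveAsBlocked": False,
        "contactSyncBlocked": False,
    },
    {   # restricted: corporate data stays inside managed apps
        "displayName": "iOS BYOD (constructed, restricted)",
        "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
        "allowedOutboundDataTransferDestinations": "managedApps",
        "allowedInboundDataTransferSources": "managedApps",
        "saveAsBlocked": True,
        "dataBackupBlocked": True,
        "contactSyncBlocked": True,
    },
]

def audit_policy(policy):
    """Return (setting, actual_value) pairs that break the separation."""
    findings = []
    for setting, allowed in REQUIRED.items():
        value = policy.get(setting)  # a missing setting counts as a finding
        if value not in allowed:
            findings.append((setting, value))
    return findings

def audit_all(policies):
    """Map each policy's display name to its list of findings."""
    return {p.get("displayName", "<unnamed>"): audit_policy(p) for p in policies}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_POLICIES).items():
        print(name, "->", findings or "OK")
```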
The combination of Intune and EMS provides Amaxra with a simple, centralized management portal accessible from any internet-connected device. We use this portal to manage our BYOD policies and take actions targeted at specific devices. For example, we can remotely install licensed software and apps required for new employees onto their devices with minimal IT or user intervention. The granularity in control is important from an IT security standpoint because we don't just install anything and everything onto a new employee's device. We determine what apps are required by employees to do their job effectively, how the apps need to integrate with cloud services such as SharePoint Online and OneDrive for Business, and what data the apps must access.
Conversely, when an employee leaves the company, it's part of our standard BYOD processes to log into the Intune portal and submit a Wipe Request on their specific personal device. The great thing about Wipe Request is that it performs a selective wipe, only targeting the managed apps on a user's phone. The action is done remotely, without any physical intervention from our IT department and without the need to have the device in Amaxra's offices. It also maintains the personal privacy of the user by removing only the company data that was stored on the phone; it does not touch any other data on the person's mobile device or tablet. This also maintains the integrity of your corporate data and your company's IT security.
Empower your workforce
A good BYOD policy backed by the power of the cloud can supercharge your business's productivity. At Amaxra, we leverage mobile and cloud for our own employees and use those same technologies and processes to empower your business.
Contact me at firstname.lastname@example.org or call 425 708 8841 if you have any questions or comments on this blog.