BYOD / personal equipment

Olivier-202 60 Reputation points
2024-08-30T07:54:39.94+00:00

Google translation:

Hello,

I would like to post a question about the concept of BYOD.

I have consulted numerous documentations and training courses on the subject and I admit that I am a little uncertain about the position to take when it comes to personal computer workstations.

Namely, within the company, we have employees who work from home on their personal computers and I am a little unclear about the rights and limits that the company has as power (concerning personal equipment).

The case does not arise for computers on the company premises or I have joined them to the domain with integration on INTUNE to apply strategies, installation of Windows DEFENDER (report vulnerabilities, attack surfaces, etc.).

As a result, I am wondering about the best way to manage personal PCs to maximize the security of these workstations while respecting the limits of what the company has the right to do on these workstations that do not belong to it.

I already have access conditions, compliances (antivirus, firewall, etc.) applied but I am hesitant about what else I am allowed to do on personal PCs.

I would like to install Windows Defender on these workstations in order to have visibility on vulnerabilities, etc. but do I have the right to do so and/or impose it? Then have control over it on Intune (this would involve joining the domain) ...? etc..?

If you have any ideas or examples to give me, I am interested :)

Thank you very much for your feedback :)

Have a nice day everyone.

Olivier

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
Microsoft Security | Intune | Security
Microsoft Security | Intune | Enrollment
Microsoft Security | Intune | Other

Accepted answer
  1. Crystal-MSFT 53,991 Reputation points Microsoft External Staff
    2024-08-30T09:14:17.43+00:00

    @Olivier-202, Thanks for posting in Q&A. You can enroll these personal devices into Intune, and deploy policies, set rules, configure device features, and more. This depends on your requirements. For Android and iOS devices, you can use app protection policies that focus on protecting app data, such as Outlook, Teams, and SharePoint. For Windows devices, Intune marks devices that are Microsoft Entra registered as personally-owned devices.

    https://learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment#personal-devices

    We can enroll the personal device via Company Portal. As a note, please ensure the enrolled user has a Microsoft Intune Plan 1 license. After the device enrolls into Intune, you can deploy apps in Intune.

    https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-windows-10-device

    To deploy Windows Defender via Intune, you can add it via Microsoft Store new app.

    https://learn.microsoft.com/en-us/mem/intune/apps/store-apps-microsoft

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer
  1. Olivier-202 60 Reputation points
    2024-09-02T14:22:32.5966667+00:00

    Google translation:

    Hello, thank you very much for taking the time to answer me. I see things much more clearly and there are indeed interesting levers to protect the environment. Thank you again and have a nice day.

