Yes you can. You would require Intune to accomplish this. You can create data boundaries so that documents and files can be viewed, and tracked but not saved. You would also have the option to wipe any corporate data while leaving the users personal data in tact.
BYOD Win 10/11 device data restrictions
Hi
If we let user to register BYOD Windows 10/11 devices, is there a way to secure the corporate data on that device?
Meaning that user could not copy files from corporate OneDrive folders to personal folders in that device or save Office files, opened from corporate OneDrive folders with for example Word, to personal file locations and so on.
I would appreciate some advice about securing corporate data in BYOD windows 10/11 devices. What can we do and what we can't do.
3 answers
Sort by: Most helpful
-
-
Lu Dai-MSFT 28,361 Reputation points
2022-02-16T01:18:44.307+00:00 @IMK Thanks for posting in our Q&A.
For this issue, Windows Information Protection will make it.
https://learn.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip#why-use-wipYou can refer to the following article to create a WIP policy with intune:
https://learn.microsoft.com/en-us/mem/intune/apps/windows-information-protection-policy-create
When the apps are added in the protected apps list, the data in these apps are corporate data, WIP will encrypt the data on the device.Hope it will help.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. -
IMK 421 Reputation points
2022-02-18T07:50:56.463+00:00 So, do I create these data boundaries using WIP?