Protect unmanaged Windows PCs and Macs in Microsoft 365 Business Premium

This objective is focused on creating protection for any unmanaged Windows 10 PCs and Macs not enrolled in Microsoft Intune. It is very likely your small business or campaign may have staff who bring their own devices (BYOD), and these devices are not managed. BYOD include personally-owned phones, tablets, and PCs.


BYOD users must each install and run the Company Portal app to enroll these devices and receive access to company resources.

It's critical that you ensure your frontline users follow these guidelines so that minimum security capabilities are configured on all the BYOD devices.

Windows 10 or 11

Turn on device encryption

Device encryption is available on a wide range of Windows devices and helps protect your data by encrypting it. If you turn on device encryption, only authorized individuals will be able to access your device and data. See turn on device encryption for instructions.

If device encryption isn't available on your device, you can turn on standard BitLocker encryption instead. (BitLocker isn't available on Windows 10 Home edition.)

Protect your device with Windows Security

If you have Windows 10 or 11, you'll get the latest antivirus protection with Windows Security. When you start up Windows 10 for the first time, Windows Security is on and actively helping to protect your PC by scanning for malware (malicious software), viruses, and security threats. Windows Security uses real-time protection to scan everything you download or run on your PC.

Windows Update downloads updates for Windows Security automatically to help keep your PC safe and protect it from threats.

If you have an earlier version of Windows and are using Microsoft Security Essentials, it's a good idea to move to Windows Security. For more information, see help protect my device with Windows Security.

Turn on Windows Defender Firewall

You should always run Windows Defender Firewall even if you have another firewall turned on. Turning off Windows Defender Firewall might make your device (and your network, if you have one) more vulnerable to unauthorized access. See Turn Windows Firewall on or off for instructions.

Next mission

Okay, mission complete! Now, let's work on securing the email system against phishing and other attacks.