Protect unmanaged computers with Microsoft 365 Business Premium

This objective is focused on protecting unmanaged computers, such as Windows 10 or 11 computers and Mac computers that are neither enrolled in Microsoft Intune nor onboarded to Microsoft Defender for Business. If your business or campaign has staff who bring their own devices, such as personally owned phones, tablets, and PCs, ask users to take certain steps to protect business information that might be on their devices.


This article applies primarily to unmanaged (or BYOD) devices. Guidance for protecting managed devices is available here: Set up and secure managed devices.

Learn more about managed and unmanaged devices.

It's critical that you ensure users follow these guidelines so that minimum security capabilities are configured on all the bring-your-own devices (also referred to as BYOD devices).

Windows 10 or 11

Turn on device encryption

Device encryption is available on a wide range of Windows devices and helps protect your data by encrypting it. If you turn on device encryption, only authorized individuals will be able to access your device and data. See turn on device encryption for instructions.

If device encryption isn't available on your device, you can turn on standard BitLocker encryption instead. (BitLocker isn't available on Windows 10 Home edition.)

Protect your device with Windows Security

If you have Windows 10 or 11, you'll get the latest antivirus protection with Windows Security. When you start up Windows 10 for the first time, Windows Security is on and actively helping to protect your PC by scanning for malware (malicious software), viruses, and security threats. Windows Security uses real-time protection to scan everything you download or run on your PC.

Windows Update downloads updates for Windows Security automatically to help keep your PC safe and protect it from threats.

If you have an earlier version of Windows and are using Microsoft Security Essentials, it's a good idea to move to Windows Security. For more information, see help protect my device with Windows Security.

Turn on Windows Defender Firewall

You should always run Windows Defender Firewall even if you have another firewall turned on. Turning off Windows Defender Firewall might make your device (and your network, if you have one) more vulnerable to unauthorized access. See Turn Windows Firewall on or off for instructions.

Next mission

Okay, mission complete! Now, let's work on securing the email system against phishing and other attacks.