Setting up the ultimate BYOD configuration for iOS and Android.
HTML-код
- Опубликовано: 15 янв 2023
- Ever wondered what you can do to protect your organization data on those devices that are out of the management scope? In this demo I will show you how it's done.
If you have any question, let me know! 
Наука
Exceptional content, easy to understand and follow.
Thanks for this content, Alex !!!
Keep it going, please.
I will :)
Great video, did some configuration according to the advise given .. :)
Very clear. Keep up the good work!
Brilliant Video many thanks for your help on this.
Glad it helped
Finally new content! Thanks
More to come!.. :)
Excellent sir!! Thank you !!!!
Glad you like it
very good video, thank you.
thank you!
First time on your channel and I already know I'm going to like it because your company tenant is Dunder Mifflin 😂
that is a very good reason!!! :) I love that show
Tnx Alex. Just the info that’s needed ;-)
Happy to help!
Great video Alex!
Maybe someone has asked this already
How can we add all apps such as Slack, or other 3rd party apps to be managed with policies also?
This is referring to Android and iOS devices that sign into our Slack account using our work SSO
Thank you!
I think you missed on showing us how the Android device is enrolled and signed into but still I enjoy your content.
Hi Alex. Do you have a video that covers the MAM app protection policy creation for IOS in a BYOD environment? This video had the steps for creating the policy for Android, but I'm also looking to create one for iOS.
Great vid. Thanks.
That handles access / DLP for corporate data.
But what about the "quality of life" features an MDM would allow for?
Is there some way to (force) deploy apps or app configurations, shortcuts etc. to unmanaged MAM devices? Greatly appreciated :)
Hello Alex,
Thank you for this great video! It’s very informative! I’d like to ask a couple of questions if that’s okay. I’m failing new to this, so I hope my questions will make sense to you.
1. For app protection policies, do we need to have separate policies for iOS/iPadOS and Android, or a single policy can be applied to both device users? My concern is that I have all the users in one Entra Group, and I don’t know how it’d work if I assign two policies to the same group.
2. Can more than one Conditional Access policy be applied to the same group for BYOD? I’m thinking of device restrictions as well as device cleanup rules for devices that have not checked in for a certain number of days.
Thank you and appreciate it!
We have implemented Compliance Policy, App Protection Policy, Apple MDM Push cert and Conditional Access Policy that "Require Compliant device" to access Office 365. Situation is: users are already using M365 apps. Seems like the MDM enrollment is not being triggered because iOS users can continually use the Teams and Outlook even though they are not yet-MDM-enabled.
big up
Alex, I got a question:
What would be a recommended way to restrict/block your organization's OneDrive sync in Mac OS for unenrolled devices?
Are there any reference docs in Microsoft Intune or Conditional Access service that could be used?
Check out my other video I released this week.. that one will also handle OneDrive sync
Looks great. Unfortunately the device type option (min 3:50) disappeared, it's not possible anymore to select unmanaged devices. I guess we have to make custom dynamic EntraID groups to assign the policy to? For example (device.deviceManagementAppId -eq null) and (device.deviceOSType -eq "Android") ?
Funny that Windows Phone is still a choice at the 1:54 mark.
i did the same settings, but i am still able to sign in with third party apps like mail app (iphone) and the policy not yet forcing the users app protection like it asked me to setup PIN code but i still can copy data from corp app to other apps! how long the policy need to be fully replicated?
what will happen if a user also used Outlook(or other microsoft apps) with his private mail and also want to use corporate email?
Hi Alex,
Thanks for this content it is unbelievably helpful, one question if you dont mind please.
how can we block access to outlook from outside the work profile in android, for example a byod android device will have a work profile but i do not want to allow users to access emails from the outlook or native mail clients outside the work profile,
yes you can. you would need a conditional access policy for that situation.
I am a Business Manager Admin. I want to allow my user to BYOD or User Enrolment. What steps should I follow besides from Intunes.
Is there any way I can allow my users to enable sign in with their work account on their own device.
Great video! < but for me doesn't work and it's pretty frustrating. Looks like it;s an easy set up, but my outlook on my iphonee will never follow any policies I set up
Hello! Does this work so as to prevent users from using the downloaded gmail app but rather use the approved gmail app in InTune?
@Alex de Jong is it possible to block adding Corp and Personal Outlook Or OneDrive account on a iOS BYOD device. Please advise how THanks
Hey great video. Can you use compliance policies for byod iOS devices and block non compliant with conditional access ? Thanks :)
compliance policies only work when devices are managed.
Hi there. Was wondering if you can help. I sold my HP laptop few days ago and wanted to know if working using Microsoft 365 on an Android tablet is as good or if not better than the online version? Or do you think it's still best to just get a Windows laptop?
I like to have a keyboard present. but for the OS, there is no big difference between the office apps.
Hi Alex,
QUestion: do you need to enroll the device to intune? do you have to do something on the device for this restrictions to take effect on it?
Hi, no the purpose is not to enroll the devices into intune. the devices remain unmanaged.
@@azuredude I followed this guide, but when logging into Outlook mobile app, I got this prompt "Help us keep your device secure" Register your device to continue." forcing me to register the device in Intune.
PS. Thank you very much for this valuable content. Keep it up, man.
explain to us : app configuration policy in Microsoft Intune
I found this from the MS Documentation:
For Android devices, the Company Portal app is required to receive app protection policies.
This indeed is true. When I open Outlook for the first time with a targeted user there is a message saying that I also need the Company Portal..
perfect. by the way, the authenticator app from microsoft would also do
@@azuredude How? This MS Authenticator was already there. But didn't work. After installing the CP it did.
@@patrick__007 Yeah, same case. It prompts me to install CP though I have MS Authenticator installed.
One thing I notice with App PP is when on Android BYOD adding a corp account, all of the photos are getting synced, even though the settings on Android "Camera Backup" show saying "Other accounts are not eligible".
Example:
I have a personal OneDrive on Android > I will add a Corp account to the OneDrive app > It will ask me to enable backup, I will skip that > I will take a photo on BYOD device > The photo will get sent/synced to my corp OneDrive :( ... We can repro those steps on 10 test devices... Pixel 7 PRO and Samsung Galaxy 22 ultra...
your corp onedrive is considered a safe place as it is also protected by microsoft365.
I have tried the CA policy creation for macOS devices, but got the following error: "MAM policy can only be applied to Android or iOS client platforms."
What would be the solution to configure this for unenrolled macOS devices?
ruclips.net/video/M24LzPto05E/видео.html
This is the macOS version… please let me know if you have any other questions.
I have set up both an iOS and Android policy and everything is working fine, however the edit function is not working for any Office doc. What have I missed?
what do you mean with the edit function?
What are you using to remote into your phone
i use a tool named: reflector by airsquirels.
Hey Alex,
Can we able to block screenshot or screen capture in ios/ipad BYOD? for managed apps only, I tried enforcing through configuration policy, But it enforces to the entire device, I just want to know & i would like to block screen capture only on managed devices BYOD ?
is that possible ios/ipad devices? just waiting for your reply
also i'm aware this can be done in andriod
Hi, currently blocking screenshots is not supported for iOS/iPadOS.. it is however supported for Android
@@azuredude thanks for the update, I was mad on this setting from long time.
Thanks again alex.
Also one more question, Do we need a managed google play id for andriod device management. i.e personal owned device?
You only focused MAM .. not work/profile and personal enrollment for iOS .. both suitable for BYOD i think
Microsoft no longer recommend the use of "Require approved client app", insted they recommend to use " Require app protection policy" or both.. After March 2026, Microsoft will stop enforcing require approved client app control
correct.. thanks for sharing