BYOB Policy Examples

Zuco · 2016-08-26T14:18:09.000Z

We allow people to BYOB for 2 reasons. 1 Company email on a personal smartphone, and Remote access from a home PC/Laptop. I almost always set these up for people. It’s been a long time coming but its time to refresh the employee handbook and I would like to add a policy explaining these things. Operating systems should be unto date on a currently supported operating system, by connecting to email the company has the ability to wipe the device if it was lost, stolen or if if it is not removed (and showed/proved) upon the end of employment etc.

I was wondering what everyone does to accomplish this? We are a smaller company with no MDM as these are not mobile devices. Suggestions?

moca111 · 2016-08-26T14:29:32.000Z

Do you guys use Office365 for email? I recently moved over one of the companies I support to MDM as Azure MDM is included in their O365 subscription. Azure MDM can work magic on computers as well.

I believe that even spiceworks has a MDM option through manage engine I think.

Remote access from home PC / Laptop is something you could make a firm IT policy for.

kptim · 2016-08-26T14:35:25.000Z

Are we talking about Bring Your Own Beer?

Zuco · 2016-08-26T14:36:22.000Z

MoCA111:

Do you guys use Office365 for email? I recently moved over one of the companies I support to MDM as Azure MDM is included in their O365 subscription. Azure MDM can work magic on computers as well.

I believe that even spiceworks has a MDM option through manage engine I think.

Remote access from home PC / Laptop is something you could make a firm IT policy for.

Ya we do, but it’s just the email plan + Office Basic.

Zuco · 2016-08-26T14:36:56.000Z

Tim-H:

Are we talking about Bring Your Own Beer?

Sorry BYOD, oh well maybe it will get a few eyeballs this way. It’s Friday after all.

kptim · 2016-08-26T14:56:15.000Z

Yeah I couldn’t help it, getting ready to get Friday into full swing.

moca111 · 2016-08-26T15:30:28.000Z

I just checked the spice works free MDM and it does not allow remote wipe etc.

Believe it or not, you might have access to azure MDM even with that subscription! Login to your admin portal, and check the Security and Compliance center, and click on the Device Management tab!

tool.PNG184×861 14 KB

SC.PNG800×722 153 KB

Barring any access to MDM, then your only option would be to change the password immediately / maybe even withhold their last cheque until you can confirm the email is removed if someone leaves / fired.

Zuco · 2016-08-26T17:06:49.000Z

MoCA111:

I just checked the spice works free MDM and it does not allow remote wipe etc.

Believe it or not, you might have access to azure MDM even with that subscription! Login to your admin portal, and check the Security and Compliance center, and click on the Device Management tab!

Barring any access to MDM, then your only option would be to change the password immediately / maybe even withhold their last cheque until you can confirm the email is removed if someone leaves / fired.

Thanks, the question isn’t as much of how to do it but what to put in the Company Handbook saying we can do it.

brianeibert · 2016-09-20T17:14:33.000Z

Do you have a legal department? I think this is something that they will have to be involved in since you are talking about users’ personal devices. Are you leaving an option for your users to opt-out of having this access? If the answer is “no”, I would definitely want to be certain you aren’t getting into sticky legal situations in the event you have to do a remote wipe.

Brian

ryanmiller14 · 2016-10-03T17:32:49.000Z

I’m completely against BYOD (personal preference), especially without an MDM in place. I believe that you’re just asking for trouble. You may not have had any problems as of yet, but remember: it only takes one. I just feel that the security risks far outweigh any gains to be had. Is it an attempt to save money by not purchasing company-owned devices for employees to use? If so, that makes a little more sense, but I still couldn’t pull the trigger on that. Sorry, just wanted to be honest with you.