1

Hi all

Something that came into thought recently. What happens with free personal use only licensing and BYOD’s

A good example for this would be AVG free licensing on some ones personal laptop but they then bring this to the office (say a company of 50+ users) to work on.

So a simple question with a potentially complicated answer. What should we be doing?

Other questions to go with this;

  • To what extent do this go to?
  • Are there exclusions (for example someone using remote desktop over vpn to a work machine)?
  • What if that person has unlicensed software on their personal device, are we as a company now responsible?

@Microsoft

32 Spice ups
(Bryce Katz) 2

Your BYOD policy needs to state that the owner of the device is responsible for maintaining proper software licensing. Remind staff in the policy that software described as “free for personal use” is NOT licensed for business use, and that using “free for personal use” software for business purposes - including “home” versions of Microsoft Office - puts the user at risk of prosecution. Encourage staff to ask IT when in doubt.

26 Spice ups
3

A few other things to keep in mind:

  • Office 365 allows staff to install the company-licensed version of Microsoft Office on up to 5 devices, including those owned by the user. Office licensing, done.

  • Avast offers a free business antivirus product. But, honestly, who the [redacted] can’t afford $30 a year to put a paid security product on a $400-$1,200 laptop?!

  • Unreimbursed business expenses may be tax deductible. Check with your finance department/company accountant to verify whether staff can claim some or all of the costs related to BYOD.

  • Remember that you cannot require BYOD without reasonable compensation. BYOD is not a way to completely offload equipment and software costs onto your employees. Also, that’s just a dick move. Nobody wants to work for companies which pull crap like that.

14 Spice ups
4

Our company does not use BYOD outside of a few phones and home pcs when working from home, however I am curious to know what would be required in such a situation.

If someone works from home using their own equipment, would their equipment need to have business level software licensing?

Also is telling employees that its their responsibility really enough to protect a business? Does stating that in a policy actually make a business any less liable for the software that a user is using?

I have struggled to find any definitive answer to this? For once microsoft licensing is actually fairly simple in this case as a user CAL would cover you in most cases. But for items like AVG free license for personal use I am unsure where the line is drawn. It is “solely for your personal use” but how does that effect someone working from home one their personal machine?

Antivirus is not going to be the only example of free for personal use licensing model, but its a good example.

5

Depends on the software being used. Microsoft Office, for example, very clearly disallows “home” versions for ANY ongoing for-profit venture. The odd garage sale or lemonade stand? Sure. Generating documents for your employer’s official business? Nope.

1 Spice up
6

Hmmm. Interesting topic. I hadn’t consider this before. Just off the top of my head and stating the obvious, I’d have to say that it depends of how your BYOD configuration is implemented (obviously). In a situation where, say, nobody has a computer at their desk, and all work is done through personal laptops that RDP into terminal servers, then the line between your user’s device and the business’s software is rather clear. As @brycekatz suggests, you take care of your business’s side, and let the user take care of their side. A situation where the line is more blurry (such as the offline mode of XenApp from the little I’ve seen) could be an issue.

1 Spice up
7

In a BYOD situation, I’d say it does. The user is responsible for their device … provided your policy is properly written and clearly communicated.

3 Spice ups
8

In my experience, the license agreements are all pretty much the same: If the software is installed on a computer that is regularly used for business-related activities (that is, doing work for a registered business regardless of profit status), a paid license is required.

However, if you explicitly shift the responsibility for license compliance to the device owner, the actual position of the line really isn’t your concern. You can’t force an employee to install properly-licensed software on their personal computer any more than you can force them to not smoke in their car.

2 Spice ups
9

Just listen to Bryce.

Lol, but honestly, you need to have something in writing. That’s the bare minimum you can do. We do have a lot of BYOD; our board adopted it quite quickly thing that it was a way to getting out of paying for employees’ expenses, which they quickly realized it was not.

If you are having doubts, just look at the instructions of some of the home software you are using. I think that will give you a good idea of what is it being used for and what not. But don’t sweat it. There’s lots of free licensing options of businesses’ available. It is only a matter of looking around.

1 Spice up
10

Here is a simple BYOD policy template. http://www.itmanagerdaily.com/byod-policy-template/

2 Spice ups
(Yasaf Burshan) 11

We don’t allow them. Our users sign a information security document stating that by using their own device the are obligated to use it according to the company policies.

If the company doesn’t have a license - the software is not allowed.

12

How does BYOD even work?

You can’t connect a home user version of Windows to a corporate domain. You can’t lock out users from accessing parts of their personal computer or phone and you can’t expect them to be willing to allow you to have ‘Brick the device’ admin rights over a personal device.

Plus, as others have stated, most home users have software installed not for corporate use, and BYOD breaches that license.

I use my home laptop abroad to RDP to my work computer, that is it!

Home devices should stay at home and work devices should stay at work and never the twain shall meet.

Just my

2cent.jpg
2cent.jpg800×799 192 KB
2 Spice ups
13

In most cases, BYOD doesn’t allow direct connection to corporate networks. There’s typically a dedicated WiFi network for BYOD, and staff uses things like RDP, VPN, or various web-facing portals to do the same stuff. Using a consumer-version OS is a non-issue in this setup.

While you can’t brick a device (“brick” means to render completely inoperable, thereby destroying the device), you most certainly CAN require “wipe the device” rights as part of the BYOD policy. Point of fact: Exchange and O365 can remotely wipe connected devices. Connecting to Exchange on both Android and iOS specifically states that the remote server can be used in this way.

14

Technical nit-pick:

You cannot join a consumer version of Windows to a Windows domain, but home versions of Windows can authenticate to Windows servers and receive DNS/DHCP from Windows servers.

15

So windows 7 home basic & windows 7 home premium can be connected to a corporate domain.

Didn’t realise this , please can you advise how this is done.

According to MS this can’t be done :

http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/can-windows-7-home-premium-join-domains-even/32db6241-4b0e-4fab-a10f-9e282efc6d87?auth=1

I’m not sure I understand the nit you are picking?

Thanks.

1DMF.

16

Thanks everyone for your feedback especially Bryce. Sorry for not replying sooner if was on annual leave yesterday.

Just wanted to make sure as the are other situations where just stating this doesnt change whos responsible, for example PCI compliance (its been a while since i last looked at it though).

Thank you. Interestingly it doesn’t mention anything to do with licensing but this is still helpful none the less.

We definitely would and do. Its very bad practice not to if they have their work emails on their phone. At very minimum you should be enforcing passcode lock screens.

Very true but their are scenarios where people work on-line and do not necessarily need to be connected to a network but are still part of a larger organisation.

The thing that trigged this thought (and is an example of said scenario) was while I was watching a YouTube series done by a member of a large well known group of YouTubers. During his video AVG free addition popped up asking to be restarted.

17

I think what Bryce was getting at is…

They cant be joined to the network but they can receive DNS/DHCP information from a server in the same way you get DNS/DHCP information from your home router.

You can also still authenticate to servers and/or services by connecting over remote desktop or OWA.

18

It’s also important to ensure split tunneling is used for any VPN remote users! Don’t want them sucking the corporate bandwidth dry and probably don’t want all their personal internet access coming from the corporate IP address either!

19

I think what Bryce was getting at is…

So he was nit-picking my use of the word ‘connected’ to be synonymous with ‘join’, rather than the physical ability to ‘add’ them, ‘join’ them, ‘connect’ them to the corporate domain.

OK, sorry, didn’t realise the grammar police were in town!

But without them being on the domain, password policies, screensaver policies, desktop wallpaper policies…etc etc… cannot be enforced! - which is in breach of our corporate policy and the regulators who govern the industry I work in, so my comment still stands :wink:

20

Hey guys, the AVG Free license can be used on personal computers which are not used for work. If you work from the computer, you’ll have to purchase any AVG license to “legalize” it.