jeremy31
(jerwilesIT)
1
So, one of the department heads hired a part-time person, who mostly works from home. When first hired, I was told this person would need access to email and SharePoint, but that’s all, so I created an O365 account for her. This was a few weeks ago.
Today, this person comes in to work from the office, and she brought in the personal laptop she’s been using for work. Turns out, all kinds of things aren’t working on it. The thing is running Windows 8 (not even 8.1), has all kinds of adware on it, and takes about 2 minutes to process each click. Not to mention, all of her personal accounts are set up to auto-login, so whenever she tries to open anything in Office 365 it defaults to her husband’s personal Microsoft Account. I spent the last hour and a half just trying to get into her work account.
It looks like the company has absolutely no interest in investing in a laptop for her. I discussed this with her department head and I flat out told her that in order for this user to be productive, and also to protect our company data from potential malware, that she needs to be using a system that is up to date and protected, preferably a company owned system that is connected to our Azure AD account. This was shot down, and the department head asked me to polish this turd of a personal laptop instead.
I really don’t feel comfortable connecting this craptop to our corporate infrastructure. Any advice guys? I’m thinking I should go over the department head’s head. We have always allowed BYOD, but there comes a point when a certain system is a risk, and the amount of work that would be involved in getting this system up to par seems excessive for the company IT guy to do on a personal device. And I’ll be honest, I am afraid that if anything goes wrong on this craptop that I’d be blamed because “it worked fine before you touched it” ya know?
57 Spice ups
donmcdaniel
(Don-yourWhiteHat)
2
It all comes down to cost. Lost productivity of the part-time person versus the amount of time that it would take your IT guy to “polish the turd”. One possible “work-around” that would satisfy both the performance issue and security concerns would be to use a remote connect software like LogMeIn or TeamViewer. She could continue to use the laptop but the work resources would run on the corporate computer at the office. (Of course this would require that you have a spare or unused desktop running at your office.)
13 Spice ups
psophos
(M Boyle)
3
What does your boss say?
What does your BYOD policy state regarding anti-malware/patching of personal devices?
26 Spice ups
And just what would this department head have done if the person he or she hired did not have a laptop or computer at home? Also, I assume that if this new hire were hired to work in the office, that he or she would have been supplied with a computer per company policy?
So, in any other situation, I imagine your company would have provided the user with a computer.
This sounds to me as if the department head is trying to cut a few financial corners and in doing so is putting your employer’s data at risk, not to mention wasting your time.
5 Spice ups
Follow company policy. If company policy allows BYOD, support it. If it doesn’t, don’t support it.
11 Spice ups
jeremy31
(jerwilesIT)
6
The BYOD policy states that all software must be up to date, there needs to be an active antivirus, and the user may not download or copy any company data to a personal device directly and should instead work in the web interface. So the user is already breaking all three of those policies. The policy, however, does not state if the user or the company is responsible for bringing a personal device into compliance.
9 Spice ups
psophos
(M Boyle)
7
That’s something at least.
As it is a personal machine it is the responsibility of the user. The company may offer assistance but cannot assume responsibility.
6 Spice ups
Can the user remote desktop into a terminal server (or virtual desktop) somewhere? At least that would get some processing off her laptop…
2 Spice ups
zuphzuph
(zuphzuph)
9
So many things wrong with this situation… What data is she storing on this laptop? Are you managing the AV and protection on this machine? Why doesn’t she just connect via VPN with the personal and RDP to a work machine? Chances are this is violating so many things if you don’t support BYOD and have policies in place.
8 Spice ups
rockn
(Rockn)
10
Issue them a company device.
6 Spice ups
dimforest
(ᴅɪᴍꜰᴏʀᴇsᴛ)
11
If you don’t have any BYOD specified then skip it.
jeremy31
(jerwilesIT)
12
I discussed with other management and we decided to give her a laptop from on-hand stock. Thanks for your input guys.
Sadly, I don’t have anything in stock except for decommissioned devices… but they’re still better than her personal machine. I gave her a Surface RT.
17 Spice ups
James404d
(James404d)
13
Based on the story, she is probably excited to get a Surface.
7 Spice ups
jeremy31
(jerwilesIT)
14
Actually, yes she was very excited. Grin from ear to ear. It was like Christmas to her.
5 Spice ups
arnold-non
(Arnold-Non)
15
Now the trick is locking down that machine so she can ONLY use it for corporate reasons. If she’s that excited about getting it, she will probably never touch hers again.
8 Spice ups
Will it hold any information that is company specific or that if lost could damage the company financially, reputation or technically?
If yes, what safeguards are there?
1 Spice up
bbigford
(bbigford)
17
Well that’s cut and dry then, she either needs to abide by the BYOD or get a company laptop. This really isn’t a confusing situation. You have the power to cut her off until compliance is met, one way or the other.
Document the situation, and notify your boss, just to cover your ass. Then let this user and the user’s manager know that you aren’t moving forward until she has either maintained compliance with her device, or the company stops cheap-skating the situation and throws down for a new device. It isn’t like they are just investing in this user. Because if the user leaves, the laptop can be reallocated.
This other manager doesn’t hold power over the network infrastructure, nor do you personally. Your company holds the power, you need to talk to different management if you aren’t seeing viable results. However, if upper management tells you to back off and do something that you disagree with, you simply tell them what the negative outcome could possibly be, and then do what you’re told. Document along the way (emails, written documents, in-person conversations, dates, etc).
1 Spice up
jimender2
(jimender2)
18
Take a few of the old devices that you have and set them up so that users can remote in to them to do their work if they do BYOD.
1 Spice up
I would buy a new SSD for the user, then set up 2 partitions and clone the personal data to one side and have the other side for business use, and since you are not using the license key simultaneously you should be good on that front. This would ensure company security while only having a limited impact on budget. Good luck.
Nuke it from orbit, it’s the only way to be sure!
5 Spice ups