I need to address an issue at my company regarding remote devices that aren't being logged into regularly. We're considering implementing a policy because when these devices sit unused, they miss important patches and updates, which increases our security risk. Some teams have laptops issued just for potential off-site work, but since they are required on-site five days a week, these laptops can be dormant for months unless something comes up. I'm looking for some insights on how others are handling similar situations: 1) Do you disable or reclaim devices that haven't been used for 30, 90, or 180 days? 2) Is there a way for you to force updates or make sure the devices check in regularly? 3) How do you manage exceptions for users who suddenly need access after long periods of inactivity? Any advice would help as I prepare to present this back to my team. Thanks in advance!
5 Answers
I'd recommend consolidating the devices to one per user if possible. If users need a backup, they should understand that they'll need to check in periodically to keep that device in the lineup. This approach also cuts down on waste and confusion about which device should be used.
100%! I don't see why anyone needs multiple devices unless there's a specific reason.
If you're using Office 365 and Intune, you can set up compliance policies to restrict access for devices that are out of date. We have a system that alerts us if devices haven't checked in after a certain time. It's also essential to follow up and see if those devices are still needed by the user.
Nice, we also run periodic checks to make sure that these devices are still compliant. It saves a lot of headaches!
Exactly! Keeping track of those inactive devices is crucial for maintaining security.
You might consider automating your process to track device usage. Implement a scheduled script to send alerts after a device has been inactive for 30 days, escalated emails to management after 60 days, and then disabling the account after 90 days if there’s no response. That way, you maintain compliance without needing too much manual oversight.
That sounds like a smart move! Automation really helps eliminate the manual grind.
Exactly! We do something similar and it really keeps the process flowing smoothly.
We enforce a strict one-device policy where every staff member gets a laptop. It simplifies accountability and compliance checks. It also became our standard after the pandemic; we found it much easier to manage than dealing with duplicate devices. Now everyone has just one machine that’s used for both office and remote work.
That’s exactly what we did as well! It reduced confusion and improved compliance after we shifted to remote work.
We’ve made the laptops the primary devices for our employees. They’re required to bring them into the office daily to dock and charge. This approach keeps devices active and ensures they get regularly updated. It’s streamlined our management significantly since everyone is using just one device instead of juggling multiple.
Same here! Converting to this model saved us a ton of hassle.
Totally agree! This seems like the most efficient way to manage company devices.
Definitely! It helps simplify things for everyone.