Hey everyone!
My organization is trying to implement BYOD using Intune/MAM, specifically focusing on Microsoft 365. We want to securely provide corporate apps on personal devices and have the capability to remotely wipe any corporately owned data if necessary. We've had some success with Android devices based on Microsoft's documentation, but we're hitting a wall when it comes to iOS.
Currently, we're using a web-based enrollment guide (you can check it out [here](https://www.systemcenterdudes.com/how-to-use-intune-web-based-enrollment-for-ios-in-intune/)). However, I'm encountering a few issues:
1. Sometimes devices register as corporate instead of personal; there's no clear pattern to this issue.
2. Even though the devices are personally owned, we're able to wipe the entire device, which shouldn't be possible according to Microsoft's guidelines.
3. We tried 'Account driven User enrollment,' which got us further in managing the devices, but we got stuck when trying to install apps—the syncing process just hangs.
I'm feeling overwhelmed and like I'm not grasping the documentation. Has anyone successfully managed to get this working? If so, I'd appreciate any guidance or resources!
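A diagnostic that is added here and is not from the original poster: it lists the tenant's iOS enrollments by ownership and enrollment type so that devices that came in as corporate instead of personal (issues 1 and 2 above) can be spotted and traced back to the enrollment path that produced them. It assumes the Microsoft.Graph PowerShell SDK is installed and the signed-in admin holds the DeviceManagementManagedDevices.Read.All permission.

```powershell
# Added diagnostic (not part of the original post). Assumes the Microsoft.Graph
# PowerShell SDK is installed and the signed-in admin has the
# DeviceManagementManagedDevices.Read.All permission.
Connect-MgGraph -Scopes "DeviceManagementManagedDevices.Read.All"

# Pull every Intune-managed device, then keep only iOS/iPadOS. The filter is done
# client-side so the query does not depend on server-side filter support.
$iosDevices = Get-MgDeviceManagementManagedDevice -All |
    Where-Object { $_.OperatingSystem -like 'iOS*' -or $_.OperatingSystem -like 'iPadOS*' }

# Summarise ownership against enrollment type. A BYOD device that shows up as
# 'company' is the misregistration described in issue 1, and company ownership
# is what exposes the full-device wipe action mentioned in issue 2.
$iosDevices |
    Group-Object ManagedDeviceOwnerType, DeviceEnrollmentType |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# List the individual devices flagged as company-owned, newest first, so each
# one can be matched to the user and the enrollment method they used.
$iosDevices |
    Where-Object { $_.ManagedDeviceOwnerType -eq 'company' } |
    Select-Object DeviceName, UserPrincipalName, DeviceEnrollmentType, EnrolledDateTime |
    Sort-Object EnrolledDateTime -Descending |
    Format-Table -AutoSize
```

Run it before and after changing the enrollment guide so you can see whether the ownership flag on new enrollments actually changed.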
3 Answers
You might want to try pushing apps using User Licensing instead of Device Licensing. It could help with the installation issues you're facing.
You're not alone in this! iOS really complicates things compared to Android, which does a much better job with separating work and personal profiles. I think the whole merging approach on iOS doesn't make for a smooth user experience, and it gets worse when employees have apps that flip to being work managed, like Microsoft Authenticator!
Have you considered just using MAM app protection policies with conditional access? It might help limit access without needing to enroll devices fully. But I get the management's concern about ensuring company data is fully wiped when employees leave. Even if they can't log in anymore, that data could still be accessible on their devices if not encrypted—definitely a tricky situation!
I see the concern there! Maybe focusing on enforcing encryption and settings in your policies might alleviate some of that worry?
Could you explain a bit more about the difference between user licensing and device licensing? I'm familiar with MAM/MDM but not quite sure how it plays into BYOD.