I have a client whose users are managed with Intune and typically operate under business premium licenses, which have worked fine until now. However, they've just informed me that they're hiring someone from India and want to grant this employee access to work email and SharePoint drives using their personal device. I'm considering shipping a managed device and implementing conditional access policies, but the device won't arrive in time for their start date. I've also read about setting policies to limit file copying, pasting, and downloading from web apps. Given this short notice, I'm seeking advice on how to proceed. Should I upgrade their licenses or is there a better way to handle this?
5 Answers
We attempted to ship a laptop to India before, but customs can be a nightmare. They often assume you're trying to avoid import duties, making it a hassle. You might want to consider other options instead.
Another suggestion is to have the client buy a new device locally in India and set it up using Autopilot with the necessary conditional access policies. This seems like a viable solution given the time constraints and ensures compliance.
It's really important to have strict controls in place. I recommend requiring the use of Remote Desktop Services (RDS) to keep company data secure and prevent it from leaving the country. Make it clear to management that they need to communicate this better; the user shouldn't access company resources until everything is properly secured.
If you're pressed for time, you can quickly set up a Windows 365 Cloud PC. It's managed through Intune and can be ready to go in no time!
One option you could explore is setting up an Azure Virtual Desktop for the new user. This way, they'll be able to access everything they need without compromising any security policies.
Just make sure to check if there are any regional restrictions that could affect this setup. AVD is another good option for remote users, so keep that in mind!