Hey everyone! I'm diving into a new role and I've noticed that our BYOD policy is basically non-existent, allowing anyone to access corporate data without restrictions. Since banning BYOD isn't an option at the moment, I'm working on a list of security controls to implement. Here's what I have so far:

1) Disable copy/paste both ways from company apps
2) Disable screenshots and screen recording from company apps
3) Prevent uploading attachments from non-company apps
4) Ensure users can only log in using devices that aren't end-of-life
5) Mandate using a company-managed browser for SharePoint access
6) Block access from jailbroken or rooted devices

Am I missing anything important?
3 Answers
I think your security measures are heading in the right direction, but some might be a bit too strict and could actually create more issues for users trying to work efficiently. For example, disabling copy/paste could hinder users from navigating simple tasks like copying an address to Google Maps. A good compromise might be to limit the number of characters instead. Also, keep in mind that preventing screenshots could block users from sharing important content during meetings. Focusing on egress protection first would be wise too, along with looking into Conditional Access Policies for things like blocking rooted devices. Also consider adding some more controls like requiring a new sign-in every few days and using PINs or biometrics for accessing MAM apps!
Definitely block backing up company data on personal devices, maybe only allowing OneDrive for storage. And yes, you should enforce that users only access company apps through Microsoft-managed applications. When users get upset about these restrictions, just remind them why they’re in place — it's all about protecting company data! Disabling copy/paste might cause complaints too, especially for frequent travelers who need to access maps. For your point about ensuring users log in only from supported devices, you can manage this by enforcing a minimum OS version, but keep in mind it might add unnecessary complications if not carefully managed.
Great tips! I’m looking into how I can enforce the minimum OS version effectively.
Are you referring to mobile devices or Windows? If it's mostly on phones, I’d suggest setting a minimum iOS version and maybe easing up a bit on the restrictions for copying to map apps — it can streamline navigation for users. Overall, it’s important to find a balance between security and usability.
Exactly! And don’t forget about requiring more secure MFA methods. It can make a huge difference.