In a dream world of IT, every device is managed, protected, encrypted and follows a Configuration Profile. However, we often come across clients, normally on the smaller side, who want their end users to be able to work on their own personal device. You can quite easily stipulate a BYOD Policy, but very often, they are simple and state, the device must have anti-virus, the device must have encryption and they must be up to date – they sign the Policy and no checks on the device itself have been carried out.

Below I’m going to go through the steps, that is put in place to limit access to the Web Apps only and prevent them from downloading files on their device and prevent them from signing into the Desktop Apps too.

Please note, to action these, you need Conditional Access, which is ‘locked’ behind a Microsoft Subscription. Having a Subscription such as Business Premium allows for Conditional Access.

---

Read More »