Jamf Blog
Closeup view of person holding iPhone.
August 3, 2022 by Sean Smith

Discover a better way to BYOD

Learn the essentials to implementing a successful Bring Your Own Device (BYOD) program.

Privacy and security are the cornerstones of successful Bring Your Own Device (BYOD) programs: privacy for the employee, security for the organization. In today’s hybrid, work from anywhere world, it’s critical for IT departments to put the right security policies and tools in place. But it's just as important for IT to understand that personal devices are just that — personal.

Employees who choose to work with their own device want to make sure their personal data is protected, without intrusions on their privacy. From IT’s perspective, they need to make sure all device endpoints are protected, especially with the frequency of malware and phishing attacks.

Striking the right balance between privacy and security has been historically difficult, resulting in BYOD programs not being implemented successfully.

Personal privacy is paramount

Employees' personal devices often contain the most private kinds of information: photos, contacts and documents. Even the choice of apps installed on the device can reveal very private information about hobbies, habits and lifestyle.

The amount of personal information accessible on these devices is only increasing with new technologies like Apple Pay, HealthKit and HomeKit. Just as an organization needs to keep its data secure and private, so too does a user.

Security fit for the enterprise

From the IT manager’s perspective, mobile devices are a common target for malware or phishing attacks, and they pose a threat for intrusion when connected to an organization’s network.

Without any visibility or control of the endpoints, effective IT security is an impossible task. This need for security is what pushes organizations to use a mobile device management (MDM) solution for their BYOD program, and therefore require employees to enroll their personal device to gain access to the internal network, mail, calendars, VPN and more.

Ease their mind with trust and transparency

When an employee has to enroll their device in a MDM, they can become leery at the thought of IT having complete access to their device. These suspicions are usually the result of the user not knowing what IT can and cannot do. This is where transparency comes into play.

To ease their mind, IT managers can share the specifics of BYOD management controls.

IT admins can:

  • Apply corporate configurations, like Wi-Fi, VPN, mail and passcode requirements
  • Install and remove corporate apps and books and the associated data
  • Collect security info from the device
  • Add/remove restrictions which protect corporate data

IT admins cannot:

  • Erase private data like photos, personal mail or contacts
  • Remove any personal apps
  • View any private data including the names of personal apps
  • Track the location of the device

Balancing user and IT needs

The main reason BYOD programs fail: devices are either over-managed or the employee is under-served.

The answer: rethink the role of MDM as it applies to BYOD. With a Jamf MDM, organizations get a purpose-built solution, with privacy protections to satisfy employees and strong security controls to meet the needs of IT.

Apple introduced two features in iOS and iPadOS 15 that allow for even better BYOD programs: Service Discovery and Account-Driven User Enrollment.

Service Discovery allows for a set of configurations that associate management with the employee and how they use the device for work, not the entire device itself.

Account-Driven User Enrollment keeps personal and corporate data separate, by associating personal data with a personal Apple ID and corporate data with a Managed Apple ID. Jamf BYOD – powered by Jamf Pro – leverages these Apple features to create a program that benefits everyone in the organization with what they want.

Increase BYOD program enrollment with Jamf Pro and Apple

A BYOD program with Jamf Pro and Apple meets all of IT's security needs, while still preserving user privacy and a familiar user experience. On top of that, IT reduces device costs and simplifies device enrollment. With the power of Jamf and Apple, both users and IT departments benefit: users get the privacy they deserve, and IT gets the security they need.

Learn more about how Jamf and Apple can increase adoption of your BYOD program with our how-to paper, which includes a detailed workflow of Account-Driven User Enrollment: Jamf and Apple: BYOD Programs Done Better.

Sean Smith
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.