How to Ensure Business Data Security on Personal Devices During WFH or Remote Work

If there’s one thing businesses have learned from COVID-19, it’s that the ability to run operations in a Work From Home (WFH) setting is essential for our modern world. But there’s a big difference between having the ability to let employees work from home and having the confidence that your employees are working securely from home. 

When your entire organization is relying on WFH practices, day in and day out, for months, that confidence in your cybersecurity is really, really valuable.

So, let’s talk about how you can quickly and easily improve your mobile device security for employee-owned devices using Microsoft Intune, which is awesome. 

What Is Intune?

Microsoft Intune is a Mobile Device Management (MDM) and Mobile Application Management (MAM) tool. That means it helps you control security and access on mobile devices and their applications. Here’s the really cool part: Intune empowers you to control and track access to your company’s data on your employees’ personal devices, without infringing on their personal privacy.

Intune does this by using Microsoft’s intelligent cloud (Azure) to partition your company data in its own little fortress, so you can secure the data, prevent it from leaving its fortress, and even delete it if the mobile device gets lost or stolen… or if your employee decides they want to trade in their old phone for the latest and greatest Samsung.  

Intune is included with the Microsoft Enterprise Mobility + Security (EMS) suite.

What Can You Control with Intune? 

In a word: everything.

Well, to qualify that, you can control everything having to do with your company’s data, so you don’t have to worry about thieves or unsecured apps peeking at your top-secret business files. 

Because Intune integrates with Microsoft 365 (formerly Office 365) and Azure Active Directory, Intune enables you to:

  • Control precisely who has access to your data
    Allow only your employees to access the data – not their boyfriends or their kids or their brothers, or their roommates from college who still know their phone password.
  • Control what data your employees can access
    Just like on a regular computer network, you can granularly control what data each of your employees has access to. You certainly don’t want them accessing HR records like salary data, unless they’re in HR.
  • Restrict access to data if the mobile device is unsecured
    New operating system (OS) updates are released often, but not everyone downloads security updates in a timely manner. Out-of-date mobile operating systems are a security hazard, and you don’t want a security hazard getting anywhere near your company data. That’s why Intune lets you block out-of-date devices until security updates are installed.
  • Control where your data ends up
    If your employee can easily copy-and-paste or save company data to their phone – well, that action pretty much undoes any security measures you’ve been taking. That’s why Intune blocks users from copy-pasting, viewing, or saving data outside of their Intune environment.

Employees Can Choose Their Own Levels of Control

Some employees will be happy to have you secure their device against attacks and cyberthreats. Other employees will be uncomfortable with what they see as “giving away” control of their devices. To meet different mindsets while maintaining your business data security, Intune offers two different levels of control. 

Full Business Admin Control or “Enrollment”

Employees can choose to “enroll” their mobile devices into Intune for full, secured access to authorized data. This option grants you more administrative control over their personal devices (while maintaining their personal data privacy), and allows you to set up password requirements, VPN connections, threat protection, and other security measures on their behalf. 

In addition, enrolled devices can receive certificates that allow them to access company Wi-Fi, and enrollment also gives you insight into the security of their device.

Enrolled devices provide your company with: 

  • An inventory of the devices that access your business resources
  • Device configuration permissions, so you can ensure the device is secure
  • The power to block “jailbroken” devices, which are unsecure
  • Reports on which devices are (and are not) compliant with security protocols
  • The ability to wipe company data if the device is lost, stolen, or is no longer in use

Selective Usage

Employees who are uncomfortable with you having control over their device won’t be able to access your company’s full mobile resources through their devices. However, they can still choose to install a smaller selection of apps, such as email or Microsoft Teams.

Employees who choose this option will be required to use multifactor authentication to confirm their identity and, using that cool Mobile Application Management (MAM) tool we mentioned earlier, you will maintain the power to:

  • Update or configure apps
  • Track app usage with reporting
  • Wipe your data from company apps on their device

Keep Your Data Secure and Your WFH Workforce Productive with Intune

None of us know what will happen next with COVID-19, but many modeling reports suggest that more social distancing may be required down the road as outbreaks repeatedly increase and calm down in waves. 

Whether or not that happens, it’s still super important to have the ability to manage a secure WFH or remote work setup, because (let’s face it) we all love using our phones and tablets. Naturally, we will all want to use these devices for work more and more over the coming years. 

No matter what the future brings, Microsoft Intune makes it easy for you and your employees to stay productive and happy, in coffee shops, at hotels, at work, and at home. 


Contact Interplay to learn more about Intune and your options for mobile device management.