Managing endpoints is hard, but it is essential to safeguarding your data, particularly as more employees work remotely and come into the office far less often than before.

Ensuring that everyone in your organization has the applications required to do their jobs, while securing their devices with operating system patches and security updates, is a complex task, and it only gets harder when employees work remotely on a more or less permanent basis. Consider how easy basic Windows updates are when workstations sit on the corporate network and an on-premises patching server can reach them; once those workstations leave that network, your patch management solution must be able to reach the endpoints over the internet, or they silently fall behind.

Meanwhile, with the ongoing shift toward employees using their own personal devices (BYOD) for work, there is a greater push to secure those endpoints and the corporate data accessed through them. The challenge is that organizations have traditionally been unable to impose device management on personal computers and mobile devices, because traditional mobile device management (MDM) requires enrolling the whole device, which hands the organization control over the device in its entirety. Most people find that undesirable for a device they own.

Employees do not want all aspects of their personal devices and applications controlled and managed by someone else. A full-device wipe on offboarding, which erases personal photos, messages and apps along with the corporate data, is just one negative outcome that can occur when an organization has this level of access.

Moreover, organizations do not want to be in the business of managing their employees' personal devices. Protecting corporate data is priority #1, but IT departments generally do not have the capacity to take on the extra workload of managing hundreds, thousands or even tens of thousands of personal devices.

What can be done?

There is good news for organizations working out a BYOD security approach for how their employees, as well as the third parties they collaborate with (contractors, vendors and so on), access corporate resources and data.

First, employees and organizations alike are beginning to get more comfortable with the various policies and restrictions required for BYOD deployments. This reduces the potential for resistance to deploying these policies within your organization and increases the opportunity for everyone to work together towards a common goal.

Secondly, many mobile applications are built for SaaS collaboration models and therefore have modern authentication (OAuth 2.0 and OpenID Connect against a cloud identity provider) embedded in their design, which allows protection to be applied at the app level. What does this mean? When access and data-handling policies can be enforced per application and per identity rather than per device, it opens the door to more BYOD possibilities while still meeting corporate security and compliance requirements.

This is a new layer of security and functionality that was—until recently—not possible!

Introducing Microsoft Endpoint Application Protection Policies

Within Microsoft Endpoint Manager (MEM), Microsoft has improved its App Protection Policies to address how corporate security and management requirements are applied to personal devices. Put simply, App Protection Policies (also referred to as mobile application management, or MAM) are rules that help you manage and protect your organizational data inside the client apps your workforce uses. Crucially, they can be enforced on a device that has not been enrolled in MDM at all (MAM without enrollment), as long as the app itself supports Intune app protection.

Essentially, MEM's App Protection Policies prevent data loss at the application layer: they can require a PIN or biometric to open the app, encrypt the app's data, block copy/paste and "save as" to unmanaged apps or locations, block backup of corporate data to personal cloud services, and selectively wipe corporate data from the app without touching anything else on the device. That is very good news for organizations that need to secure their data in today's remote and hybrid workforce.

In addition, this gives your users more freedom, enabling employees to use their personal devices for both personal and corporate purposes. Even better, users do not have to hand control of their phones to the organization: the policies apply only when corporate data is accessed in a managed app, so corporate and personal data are compartmentalized, and a selective wipe removes only the corporate side.

Overall, the flexibility of MEM's App Protection Policies allows data protection controls to be applied consistently to both corporate and personally owned devices. One caveat a practitioner should keep in mind: an App Protection Policy governs the apps it targets, so to ensure that only policy-managed apps can reach your data, pair it with a Conditional Access policy that requires an approved client app or an app protection policy. With that in place, protecting corporate data on personally owned devices finally becomes a practical reality.
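As an added illustration (this is example code, not from the original post or from Microsoft's documentation), the following PowerShell creates an iOS App Protection Policy through the Microsoft Graph API, targets it at an app that will hold corporate data, and assigns it to a group of BYOD users. It assumes the Microsoft.Graph.Authentication module is installed and the signed-in account holds the DeviceManagementApps.ReadWrite.All permission. The policy name, PIN and timeout values, the choice of Outlook as the target app, and the all-zero group ID are illustrative placeholders, not settings taken from the post.

```powershell
# Added example, not part of the original post. Creates a MAM-without-enrollment
# policy for iOS via Microsoft Graph. Assumes Microsoft.Graph.Authentication is
# installed; all values below are illustrative and should be tuned to your tenant.
Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All"

$base = "https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections"

# Data protection, access and conditional-launch settings that keep corporate data
# inside policy-managed apps on a personal device the organization does not control.
$policy = @{
    displayName                             = "Example - BYOD iOS (MAM without enrollment)"  # placeholder name
    description                             = "Protects corporate data in managed apps on unenrolled personal devices"
    # Access requirements
    pinRequired                             = $true
    minimumPinLength                        = 6
    simplePinBlocked                        = $true
    maximumPinRetries                       = 5
    periodOnlineBeforeAccessCheck           = "PT30M"   # re-validate access every 30 minutes online
    periodOfflineBeforeAccessCheck          = "PT12H"   # block app after 12 hours offline
    periodOfflineBeforeWipeIsEnforced       = "P90D"    # selectively wipe corporate data after 90 days offline
    # Data protection (the "application-layer DLP" the post describes)
    appDataEncryptionType                   = "whenDeviceLocked"
    dataBackupBlocked                       = $true     # no corporate data in iCloud/iTunes backups
    saveAsBlocked                           = $true     # no "save as" to unmanaged locations
    allowedOutboundDataTransferDestinations = "managedApps"
    allowedInboundDataTransferSources       = "managedApps"
    allowedOutboundClipboardSharingLevel    = "managedAppsWithPasteIn"
    managedBrowserToOpenLinksRequired       = $true     # links open in Edge for business, not the personal browser
    printBlocked                            = $true
    contactSyncBlocked                      = $true
    # Conditional launch: no device enrollment is required for this policy to apply
    deviceComplianceRequired                = $false
}

$created  = Invoke-MgGraphRequest -Method POST -Uri $base -Body $policy
$policyId = $created.id

# Target the policy at the app(s) that will hold corporate data. Outlook is used as
# the example here; any app that supports Intune app protection can be listed.
$targetApps = @{
    apps = @(
        @{
            mobileAppIdentifier = @{
                "@odata.type" = "#microsoft.graph.iosMobileAppIdentifier"
                bundleId      = "com.microsoft.Office.Outlook"
            }
        }
    )
}
Invoke-MgGraphRequest -Method POST -Uri "$base/$policyId/targetApps" -Body $targetApps

# Assign the policy to an Azure AD group of BYOD users (placeholder group ID).
$assign = @{
    assignments = @(
        @{
            target = @{
                "@odata.type" = "#microsoft.graph.groupAssignmentTarget"
                groupId       = "00000000-0000-0000-0000-000000000000"
            }
        }
    )
}
Invoke-MgGraphRequest -Method POST -Uri "$base/$policyId/assign" -Body $assign
```

Note that a policy like this only governs the apps it targets. A user who signs in to corporate mail from an unmanaged mail client would not be covered, which is why in practice it is paired with a Conditional Access policy that grants access only when an app protection policy is in effect.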

Jeny Alex
Senior Consultant, Hybrid Identity and Cybersecurity

Avaleris focuses exclusively on hybrid identity, enterprise mobility, and cloud security, enabling businesses to improve their agility and security while enabling employee productivity and collaboration.
