Bring your own device (BYOD) programs are a common way for companies to streamline technology management and security. With BYOD, employees can use their personal phones and tablets for work-related purposes when away from their primary company-supplied devices.
Apple has had a strong influence on pushing the BYOD concept forward. The introduction of the iPhone and iPad created a world where employees now have mobile devices capable of performing several (if not all) work-related tasks with them at all times. So, why carry a laptop to respond to emails or join work discussions when you can do the same by using the iPhone in your pocket?
This trend was quickly adopted by the leading (and later all) B2B software providers. As a result, businesses quickly started to prepare their products for a perfect mobile experience, reaching the point we are at today where virtually any business application can be accessed and used from a mobile device.
The reasons and benefits of a BYOD program are numerous.
First, employees gain a lot of flexibility as several work tasks can be performed from anywhere, at any time, with the device already in their pockets.
Also, by using personal devices for work, employees are not forced to carry multiple devices wherever they go. This avoids the largely complained position of always carrying two phones: one for personal use and one for work.
Finally, BYOD programs give employees more choice by allowing them to execute several of their work tasks on their favorite devices – the same they freely picked and trust to handle all their personal tasks.
However, even though the benefits are clear and numerous, several risk factors are also connected with BYOD programs. If it were not for those risks, likely every company would have an official BYOD program.
Overall, there are risks with BYOD for both the company and the employee.
Employees want to ensure the company can’t access any of their data. They want privacy over messages, their photo library, personal browsing history, list of installed apps, location, and anything that’s not strictly related to work.
On the other hand, there are several risks for organizations with BYOD. Since companies do not have complete control over BYOD devices, it makes it difficult for IT teams to reach basic privacy and security compliance requirements.
With BYOD programs, it often becomes difficult to answer common security questions, like how do we ensure where and how confidential data is stored? How do we ensure devices are always patched? How do we ensure a device is not compromised by malware? How do we remove all company data from an employee’s personal device when the employment is terminated?
As you can see by the relevance of the risks above, finding a perfect balance between addressing the risks for employees and companies while still allowing personal devices use at work is not a simple task. For this specific reason, BYOD programs are still the exception and not the rule.
How can you prevent risks associated with BYOD programs?
At this time, you are probably thinking, “with the technological evolution we experienced in the last decade, there has to be a solution to this challenge, right?”
If you and your company use Apple devices, the answer is yes. There is a simple and effective combination: an Apple-specific Mobile Device Management (MDM) solution like Mosyle and a management method built by Apple and included on any iPhone and iPad called User Enrollment. Apple’s User Enrollment is designed to solve this problem and seamlessly achieve a balance between the risks for employees and companies.
So, let’s dive deeper and better understand how to solve the BYOD problem by adopting Apple devices with the proper Apple IT tools.
What is User Enrollment?
Apple’s User Enrollment is based on a company-controlled Apple ID, like the iCloud account any person can create. However, in this case, the company creates and manages the account and the credentials are shared with employees, as with any other work-issued account.
Apple calls this the Managed Apple ID. Managed Apple IDs can be generated in multiple ways through Apple Business Manager. And since federation with Microsoft and Google is supported, your company can use the same corporate email account to automatically create a Managed Apple ID with no extra step.
Once created, employees can log in with their Managed Apple ID on their personal iPhone or iPad, creating a new and separate account just for work with no connection to a personal iCloud account.
Also, with the Managed Apple ID, employees can easily enroll their personal devices into the company’s Apple-specific MDM, such as Mosyle, by using a specific enrollment method designed for personal devices. This enrollment will only give the company access and management over company resources residing on that device – nothing more.
When an employee completes User Enrollment with their managed Apple ID on their iPhone or iPad, a separate volume is automatically created on the device and contains:
- Managed Apps
- Managed Apple ID Notes
- Managed Calendar attachments
- Managed email attachments
- Managed email content
- Keychain data
With a dedicated volume for company data, it has its own encryption and lives entirely separate from other volumes that host iOS or personal user data.
By using a leading Apple-specific MDM provider such as Mosyle, a company can remotely (and automatically) install configuration profiles to ensure security and compliance when corporate data and resources are accessed from the employee’s device. A few examples of these configuration profiles are Wi-Fi information, VPN configuration, and work apps installation.
The benefits of User Enrollment also go further than ensuring device security and privacy compliance.
With User Enrollment and a solution like Mosyle, companies can automatically install and configure all the apps and accounts the employee will need for work. As soon as the employee completes the User Enrollment on their personal devices, like magic, all work applications and accounts will show up ready for use.
In the same way that everything needed for work comes automatically with the User Enrollment, it’s also automatically removed when the User Enrollment is deleted from the device. This can be done remotely by the company or manually by the employee at any time. No need for wiping – just the click of a button and all company data, apps and resources are removed from the employee’s device.
With the goal of preserving the privacy of the employee, through User Enrollment, companies can only manage accounts, settings, apps and information provisioned with MDM solutions like Mosyle. For devices enrolled through User Enrollment, companies will never be able to access and manage employees’ personal information, data and resources.
Below are a few examples of what companies can’t do:
- See personal information, usage data or logs
- Access inventory of personal apps
- Take over management of a personal app
- Access device location
- Access unique device identifiers such as device serial number
- Remove any personal data
- Remotely wipe the device
User Enrollment is a fantastic way to strike a middle ground by letting employees access company data on personal devices. It creates a cryptographically separated volume on the employee’s device to ensure company data stays with the company while keeping personal data separate.
To get started, you’ll only need:
At this point, you may be thinking, “Ok, User Enrollment addresses all the main risks of a BYOD program and offers a great balance between employee privacy and company security and compliance. But it must come with a high cost of implementation, right?”
Not necessarily. User Enrollment can be free or extremely accessible for companies of all sizes.
So, how expensive is it?
First, Apple Business Manager – and the ability to issue Managed Apple IDs – is totally free and available to every company. On top of that, all you need is an Apple-specific MDM and you will be ready to enroll your first BYOD device in minutes.
While legacy Apple-specific solutions can be expensive and complex to learn, some modern Apple-specific providers offer great user experience and automation, while charging an affordable price.
Mosyle and Support for BYOD
With more than 35,000 customers worldwide and millions of Apple devices under management, Mosyle leads the list of new and modern Apple-specific IT providers.
Mosyle offers highly specialized solutions for managing and protecting Apple devices used by companies and schools. The company also offers free User Enrollment capabilities for customers with under 30 devices. For companies with more than 30 devices, User Enrollment is available as part of Mosyle’s enhanced Apple-only MDM for as low as $1.00 per employee per month, with personalized onboarding and unlimited support included.
And there’s even more. For User Enrollment, the $1.00 per month per employee cost will allow each employee to enroll up to 3 personal devices at no extra cost.
As you can see, Apple’s User Enrollment is revolutionizing how technology is used in the workspace. And studies show that BYOD makes employees happier and more satisfied because they can use a device they’re already familiar with, while knowing that IT is keeping corporate data safe.
Companies can enjoy the benefits of BYOD at no cost if they have less than 30 employees or for as little as $4.00 per year (yes, per YEAR) per personal device for larger companies.
If your company is interested in using User Enrollment and enhancing its BYOD program, the first step is to set up an Apple Business Manager account (if you still don’t have one). The next step is to set up an MDM account with a leading Apple-specific MDM provider like Mosyle.
Why wait? Start your BYOD program now and delight your employees.