Device EnrollmentBYOD & Mobile Enrollment

BYOD & Mobile Enrollment

20 mins

Understanding the Concept

BYOD (Bring Your Own Device) enrollment requires a different approach than corporate device enrollment. For BYOD, organizations should use MAM-only (Mobile Application Management without enrollment) or work profile enrollment to protect corporate data without controlling the entire personal device.

On iOS BYOD devices, users install the Company Portal app and enroll their device, which creates a management profile. On Android, the Personally-Owned Work Profile creates a separate container for work apps and data. MAM-only policies can protect apps like Outlook without enrolling the device at all.

App protection policies (MAM policies) are the key to BYOD security. They control data leakage between work and personal apps, require PIN/biometric access to work apps, and can selectively wipe corporate data without affecting personal data.

Key Points

  • BYOD uses MAM-only or work profile enrollment - not full MDM
  • iOS BYOD: Company Portal enrollment or MAM-only for app protection
  • Android BYOD: Personally-Owned Work Profile separates work/personal
  • MAM policies protect corporate data without device enrollment
  • App protection policies prevent data leakage between work and personal
  • Selective wipe removes only corporate data from personal devices

Why This Matters in Real Organizations

73% of organizations support BYOD. Without proper BYOD enrollment and protection, organizations face either security risks (no protection) or user resistance (overly invasive MDM on personal devices). MAM-only strikes the right balance.

Common Mistakes to Avoid

Requiring full MDM enrollment for BYOD devices, causing user pushback
Not implementing MAM policies for BYOD apps like Outlook and Teams
Forgetting to configure selective wipe for departing BYOD users
Not testing the BYOD enrollment experience from the user perspective

Interview Tips

  • Explain your BYOD strategy and how you balance security with privacy
  • Discuss MAM-only vs MDM enrollment for personal devices
  • Describe data protection policies for BYOD scenarios

Exam Tips (MD-102)

  • Know the difference between MAM-only and MDM enrollment
  • Understand app protection policy settings and capabilities
  • Know how selective wipe works vs full wipe on BYOD devices

Course Complete!

You've finished all lessons

Previous|Next|HHome