
Getting Started with BYOD using Microsoft 365

Bring Your Own Device

We want staff to work comfortably, and we want to provide flexibility. We also want to ensure this happens within a secure and well-managed ecosystem. The more appropriate flexibility we provide, the more our users will happily adhere to both required standards and recommended practices.

Microsoft Enterprise Mobility lets us support a Bring Your Own Device (BYOD) program within your organization, which makes it possible to:

  • Use devices that end-users like and are already comfortable with to access corporate cloud data – safely and securely
  • Limit access to devices which meet a minimum compliance level as defined by your organization (e.g. supported operating system, device encryption, remote wipe, etc.)
  • Reduce spend on IT assets and asset support
  • Exclude devices not approved by your organization (Hint – this also significantly cuts down on access from malicious agents).

The two major Microsoft 365 (M365) services for implementing a successful BYOD program are Microsoft Intune and Azure Conditional Access.

Microsoft Intune

Using Intune, we can create device compliance policies to ensure devices meet specific standards. For example:

  • specify which operating systems and versions are authorized for access
  • require device encryption, with a PIN required on boot and access
  • restrict devices which are rooted or jailbroken.

Intune supports iOS/iPadOS, Android, Windows, and macOS. From an operational perspective, a unified solution for managing devices greatly simplifies processes for IT Operations teams. Interoperability with other Microsoft services, such as Defender, helps to provide unparalleled capabilities to harden and protect the devices, thanks to the integration of tools and a unified system for accounts and access.

Intune also reduces the burden on IT Operations teams for registered devices as it provides the ability for staff to self-enroll compliant devices.

Azure AD Conditional Access

Conditional Access helps enforce specific rules, for example ensuring that only Intune-registered mobile devices can connect to your M365 tenant.

Conditional Access also helps enforce rules using different signals. Signals include:

  • User or group membership
  • IP Location information
  • Device
  • Application
  • Real-time and calculated risk detection.

Based on these signals, Conditional Access applies an action to block or grant access. Granting access can also require one or more of the following options:

  • Require multi-factor authentication
  • Require device to be marked as compliant
  • Require Hybrid Azure AD joined device
  • Require approved client app
  • Require app protection policy

Common behaviours with Conditional Access include:

  • Requiring trusted locations for Azure Multi-Factor Authentication registration
  • Restricting the use of apps on mobile devices to organization-managed devices
  • Blocking risky sign-in behaviours (e.g. authentication requests from different countries).
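As an added illustration (not part of the original post), the "require device to be marked as compliant" rule for mobile platforms can be written as a Conditional Access policy body for the Microsoft Graph `POST /identity/conditionalAccess/policies` endpoint. The display name and the excluded emergency-access group ID are placeholders, and the policy is set to report-only so its effect can be reviewed in the sign-in logs before it is enforced.

```json
{
  "displayName": "EXAMPLE - Require compliant device for M365 on mobile",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {
      "includeUsers": ["All"],
      "excludeGroups": ["<emergency-access-group-object-id>"]
    },
    "applications": {
      "includeApplications": ["Office365"]
    },
    "platforms": {
      "includePlatforms": ["android", "iOS"]
    },
    "clientAppTypes": ["all"]
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["compliantDevice"]
  }
}
```

Here the signals are the user, the target application and the device platform, and the grant control is satisfied only when Intune reports the device as compliant. Changing `state` to `enabled` turns the report-only policy into an enforced one.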

Summary

In closing, using Microsoft Intune with Microsoft Azure Conditional Access, an organization can:

  • Register and manage devices (phone, tablet, computer) against defined compliance standards
  • Define requirements for accessing the organization’s M365 tenant
  • Improve employee satisfaction by letting them use the devices they want to use (and not carry additional devices)
  • Enhance productivity by enabling staff to work from anywhere, anytime, providing more flexibility and better overall engagement on a day-to-day basis
  • Reduce resources required for IT asset and device management, allowing IT Operations to focus on more complex and challenging tasks.

Resources – docs.microsoft.com

  • Azure AD Conditional Access (link)
  • Microsoft Intune (link)

Thanks for reading.

If you have any questions or would like to know more, please feel free to connect with me.


    Scheduling Meetings Effectively

    Using technology to facilitate meetings in a geographically dispersed and complex environment solves many challenges.

    Establishing common practices, guidelines, and maintaining an awareness of technological limitations will provide a more productive experience.

    Below are some guidelines with best practices and limitations specifically around:

    1. Scheduling a Single or Series of Meetings (using Microsoft Outlook)
    2. Virtual Meetings (using Microsoft Teams)
    3. Maintaining a Series (recurring) of Meetings (using Microsoft Outlook)
    4. Making Changes to Meetings as an Attendee (using Microsoft Outlook)

    Scheduling a Single or Series of Meetings

    • Provide an agenda and the expected outcome of the meeting: Agendas and expected outcomes will provide participants context to the discussion and enough information to prepare in advance to use the meeting time (their time and your time) productively and effectively
    • Use the Scheduling Assistant to identify an appropriate time and location for the meeting: The Scheduling Assistant will identify availability to ensure desired attendees are able to attend. Sending invites that create conflicts in people’s schedules will result in attendees not being present
    • Schedule recurring meetings with an end date: Distribution lists, attendees, and agendas change over time. Keeping a maximum length of 6 months minimizes excessive instances of recurring events across all user mailboxes
    • When a series of recurring meetings is over, edit the end date, don’t cancel the meeting: Cancelling a meeting series eliminates the historical records of meetings in the calendars of all attendees
    • Send Modern Attachments, not attachments, to meetings when you can share via OneDrive for Business, Teams, and SharePoint: Sending attachments means updating invitations and sending multiple copies, and it means a static document that is not intended to be updated. Inserting a link into a meeting invite allows for a single source of truth and won’t require redistribution of content in the event of an update

    Virtual Meetings (using Microsoft Teams)

    • Create MS Teams meetings directly via Outlook or Teams, do not copy and paste meeting links into invitations: Copying and pasting links from different meetings creates uncertainty and security concerns. Meeting titles may be incorrect, and attendees will not know who has access to the meeting call or chat

    Maintaining a Series (recurring) of Meetings

    • Do not cancel recurring meetings when no longer necessary, set an end date: Cancelling a recurring meeting will remove the meetings from the calendars of all participants and they will no longer be able to review the details. Rather than cancel or delete, the organizer can update the meeting to provide an end date.
    • Do not make changes to the day and time of a recurring meeting, set an end date, and create a new series: Changes will remove historical information from all attendees’ calendars. Rather than edit a series, the organizer can update the meeting to provide an end date and schedule a new series of meetings if necessary.
    • Always “send updates to all attendees” after changes are made: Ensure all attendees always stay informed on any changes.
    • Use the Outlook application or Web version as often as possible to make changes to meetings: Mobile applications can have undesired effects when making changes. Calendars for Outlook on iOS and Android should be primarily used for review and information rather than scheduling or changing meetings.

    Making Changes to Meetings as an Attendee

    • Request the meeting organizer add additional attendees: Do not forward meeting invitations to additional participants as updates will not necessarily be provided to the unofficial participants should the organizer make changes.
    • Do not edit a meeting event to include notes: Create a separate meeting in your calendar to ensure your notes are not overwritten or lost.