- 14 Jan 2025
- 4 読む分
- 印刷する
- PDF
Managing Employee Owned (BYOD) Devices
- 更新日 14 Jan 2025
- 4 読む分
- 印刷する
- PDF
The smartphone market share has been growing steadily each quarter, giving consumers a wide array of options. As a result, your employees are likely to own high-end smartphones and may be reluctant to carry an additional phone for work purposes.
In such cases, it is crucial to allow them to use their personal phones for accessing work data, while ensuring corporate data remains secure and the personal user experience is unaffected. This article will guide you on using Scalefusion to manage both employee-owned and personal devices, supporting your BYOD strategy.
Privacy Safeguards
- User disclosure: To ensure employees understand the management software's or profile's effects on their devices, Scalefusion MDM mandates obtaining their consent through a Terms of Use policy during enrollment. This ensures employees are informed about what data will be monitored or accessed and how it will be handled. The IT admins are advised to list a proper disclosure of the terms of use policy.
- Protecting Identities: To safeguard employee privacy, Scalefusion provides compliance checks. IT Admins can selectively gather and display essential device information while opting not to collect sensitive personal data like location. Users can choose to exclude from tracking device location information. IT Admins can also disable remote commands for remote troubleshooting.
- Safeguarding Data: To safeguard identity data, the information collected from devices is exported from the server with masking or encryption to prevent unauthorized access. When an employee departs from the organization, all data collected from their device stored on the server, except for the username, is deleted. Scalefusion offers multiple authorization modes for technicians accessing the Scalefusion server, and all activities performed on the Scalefusion console are logged to prevent unauthorized actions.
- Secure Remote Actions: To execute commands remotely such as remote view, Scalefusion mandates user acceptance of session invitations. Consequently, IT Admins cannot initiate a remote view session without user intervention. Similarly, remote actions like wiping are limited to the device's corporate data. This ensures that IT admins can remotely wipe only corporate data, leaving personal data unaffected in the event of a lost device or employee departure from the organization.Scalefusion offers controls over permissions and data collected from end users' devices, as well as how it's utilized. The deployment of Scalefusion MDM in your environment is determined solely by the IT Admin, based on the organization's security policy. Scalefusion does not take responsibility for policy implementation. Users are requested to contact your IT Admin to learn about your organization's security policies
Essential elements of a BYOD Policy for safeguarding data privacy
Key features of a BYOD policy to ensure data privacy include:
- Containerization to separate work-related data from personal data on employees' devices.
- Mandating strong authentication methods like complex passwords or biometric verification for accessing work applications and data on personal devices.
- Data encryption on personal devices to protect sensitive information from unauthorized access or breaches.
- Ability to remotely wipe only work-related data from a personal device if it's lost, stolen, or when an employee departs from the organization.
In this guide, we will explore the various features Scalefusion offers for managing employee-owned devices. Click on the links in each section to access the relevant help documents.
Overview
To start managing employee-owned devices as an admin, you have to complete some steps on the Scalefusion Dashboard. These are,
- Android for Work Setup
- Updating Organization Info
- Creating a BYOD Profile
- User Management
- QR Code Configurations
- Inviting the Users
On the device once the employees start enrolling their devices, an Android Work Profile is created. A Work Profile is a secure Android container that makes sure that the data from the work apps is separate from the personal apps and stored in separate encrypted storage. The work apps will start showing a briefcase icon indicating that they are work apps. Scalefusion client provides a unified Workplace, which can be used as a quick place to interact with the work apps.
Feature Support
Feature | Description |
Android for Work Setup | This is the common step to effectively manage your Android 6.0 devices and above. This requires a G-Mail account (non-G-Suite) for your organization and some easy steps on the Scalefusion Dashboard. If you are using devices less than Android 6.0 or you are using devices that are not Android Enterprise ready, then you can skip this. |
Organization Info | Update your organization information like name, contact numbers, support emails, and Terms of Use, which will be used once your employees start enrolling their personal devices. |
Personal/BYOD Profile for Android Devices | BYOD Profile is a Scalefusion entity that allows you to group your policies like application policy, a special password for your work apps, compliance rules, and a bunch of settings. |
User Management | Start adding/importing users that can enroll their personal devices. Additionally, send invites to them to enroll and control how many devices they can enroll. |
QR Code/Enrollment Configurations | Once you have created a BYOD profile and added the users, it is time to create an enrollment configuration. You can use these configurations to invite users in bulk. |
Enroll a Personal Device | Learn how to use the invite emails and enroll a personal device. You can share this document/video with your employees for smoother onboarding. |
Device Password Policy | Enforce enhanced security on personal devices. Devices by enforcing a device-level password. This ensures that your corporate data is secure, even if the device is left unattended or stolen. |
Application Management | Learn how to search and distribute applications directly from the Google Play Store. If your organization has private enterprise apk's, Scalefusion offers an enterprise store where you can upload your apk's and publish/install them on Android devices. |
Control Permissions for Applications | This guide explains how you can control application permissions at a global level and at an application level. |
Application Configurations | You can remotely configure an application that is distributed from Scalefusion's Play for Work apps. This may include remotely configuring the Email or setting up Chrome usage policies. |
Configure Exchange ActiveSync | If your organization uses an Exchange-based email server, then you can use Scalefusion to configure the devices with your Exchange settings. |