How To Create BYOD and Mobile Device Management Policy

It’s no longer a question of if your company should have a bring-your-own-device policy, the question is now “what does it include?”

Cloud technology has made it possible for employees to work remotely, and they are increasingly accessing sensitive enterprise data from personal devices. Access and activity from these devices needs to be monitored and your employees need to be given direction on proper processes to prevent data leaks or attacks.

The implementation of BYOD has come a long way since 2013, when most IT departments admitted to struggling with the creation and implementation of a sound policy surrounding personal mobile phones, tablets, or personal laptop use for business.

  • 60% of IT professionals said their organizations did not achieve higher customer satisfaction
  • 62% said that it didn’t lower their IT expenses

If you still feel like one of IT professionals who are struggling to communicate their BYOD and MDM policy, this guide will outline some of the most important aspects and how to create your own policy.


It’s integral to business success to know what to do in the case of lost devices or cyber threats. Simply allowing free access to company documents without establishing a policy surrounding the use of mobile devices means that you’re opening up your business to potential data leakage.

Risks of not acknowledging the use of these devices, or outright banning others could result in Shadow IT practices and employees storing company files on personal devices.

  • 81% of employees admit to using SaaS apps not approved by IT

We don’t have to tell you the risks related to unsecured file transfer or unsecured wireless connections that result from employees adopting their own IT practices.

  • 33% of IT leaders said that their organizations lacked the ability to remotely wipe data from lost or stolen devices, or from exiting employees.

Lost or stolen devices that were not part of a BYOD policy have resulted in numerous security breaches because of easy access to company information landing in the wrong hands.

Benefits of BYOD Policy

The benefits of establishing a BYOD policy far outweigh the risks associated with not having one. Getting everyone on the same page regarding IT policies is just as important as outlining business goals and methods.

The main benefits of mobile device management (MDM) are:

  • Clearly identified role of a device
  • Clearly establishing security protocols to access device
  • Setting boundaries on use or access to information
  • Having a company-wide policy that outlines employee and employer's responsibility relating to the device
  • Ability to wipe sensitive data from device if necessary

Furthermore, depending on your decided reimbursement policy, IT costs could be cut by 64% if there is no stipend attached to user-owned tablets. Since the employee is choosing to bring their own device, many employers establish a policy but don’t cover the costs of the unit. If the employee’s personal tablet is indeed replacing their work laptop or desktop computer, that’s a significant cost-savings.

Otherwise, as a best-practice, if you’re expecting extensive tablet use in your company, you can chose to reimburse all or a part of the tablet. Most often, businesses will establish a percentage of the cost to reimburse the employee purchase.

Different Methods of Adopting Mobile Devices

One of the benefits of adopting mobile devices like the Surface Pro in a business atmosphere is that Microsoft Office 365 has built-in capabilities to manage your MDM policy. Accessing company documents through Microsoft Office 365 is easily done through cloud computing on any Windows OS, Android, as well as iOS. The built-in features allow you to control access and wipe sensitive data from devices if lost or stolen.

If your employee devices are user-owned, they may not be too happy with the concept of their personal device use being overseen by your company's IT staff. The most popular way to avoid these conflicts is through containerization or dual persona. Containerization completely separates business-owned applications and data from personal processes.

Your business could also decide to go with a fully virtualized method that establishes access to data that is stored on a data center, and never fully resides on the device itself. However, IT departments and end-users have experienced more convenience with mobile device management solutions.

Things to Include in Mobile Device Management Policy

Once you’ve decided on the technical methods of rolling out your MDM solution, deciding what you’re going to govern is the next step.

  • An overview of Acceptable Use Policy related to personal devices such as rules on personal use, while creating policies surrounding what’s considered acceptable.
  • The list of allowed and restricted apps with clear instructions on acceptable use of popular applications such as Twitter, messengers, etc.
  • An outline of exactly which company-owned resources employees will be able to access from their personal device.
  • Which devices are supported by the policy, including which operating systems they need to be running and how IT will support them in setting up their device for access.
  • Will your company reimburse your employees for all or part of their device? Outlining the device allowance or stipend clearly, as well as the methods of payment is integral to encouraging adoption.
  • Establishing a rule on device locks and secure network passwords, such as what to do if locked out.
  • Defining user profiles and establishing that IT creates their access profiles based on management considerations.
  • Clearly outlining your wiping policy. When will a device be wiped? Will it erase all personal data? How is your IT department prepared to help them how to securely backup their information?
  • An outline of everything that the employee agrees to by using a personal device, including their full responsibilities, and those of the employer.
  • This section should include phone plan payments, and data restrictions.

How To Create Your Own Mobile Device Management Policy

  1. Assemble a team to address and answer all the above considerations. This team should include representatives from all major departments, as well as end-users.
  2. The team is tasked with researching and delivering the best answers to the above needs, through departmental review, internal discussion, and team consideration
  3. Develop a draft of the policy for internal review
  4. Solicit feedback from department heads for review before revising and finalizing.
  5. Once the policy is established, it must be clearly communicated to every staff member. Whether through company-wide meeting, department meetings, as well as circulated to company email addresses
  6. Once policy has been enacted, continuously follow-up on what’s working. Keep updated on new business applications that could increase productivity, monitor staff activity, and search out policies that can reduce potential threats.

The most important aspect of this method is to work as a team with other departments. If your IT team is strictly the ones deciding on best use policies and choosing apps, it may not be in line with what your end-users want or need, and you could end up with a case of Shadow IT on your hands. Exactly the opposite of the reason you’re looking to establish an MDM policy.

If you’ve decided to take the leap to cloud computing and mobile device management, but are still unsure of your next steps, trained technicians can walk you through the process and setup of properly optimized and iron-clad mobile device management solutions.

The strategy behind establishing your mobile device management policy for devices like Microsoft Surface and smartphones is one that’s constantly evolving. Let professional IT security experts put your mind at ease by setting up and managing your BYOD and MDM policies.

No comments yet. Be the first to add a comment!
Our site uses cookies