Resources -
WIP Limitations - Link - WIP is designed for use by a single user per device.
======================================================================
BYOD limitations -
Unable to access online apps
- OWA
- SharePoint Online
- OneDrive for Business Online
OneDrive Online
OWA -
Teams Online -
Workaround for Online apps that are blocked - Link
======================================================================
MAM and MDM user scope updated to include all users in MAM
======================================================================
Apps - App protection policies
Create policy - Windows 10
Name - Windows Information Protection Policy - Windows 10 without enrollment
Description - This WIP policy is assigned to BYOD Windows 10 devices and users
Enrollment state - Without enrollment
Targeted apps - Protected apps - Add
Recommended Apps -
Select - Name (This will select all recommended apps)
Select - OK
Select - Next -
Select the mode you would like to apply
Hover over the information icon to see an explanation of the options
As I would like to test the 'Allow overrides' option, select - Allows Overrides.
Next
Advanced settings -
If you don't select and create a network boundary, nothing happens.
Under Network boundaries - select - Add
Boundary type - Cloud resources
Name - Cloud resources
Value - update the text below with the tenant name -
(copy to notepad and use find - replace)
(make sure there are no new lines and use the pipe character to separate entries)
Replace <tenant> with your tenant name -
<tenant>.sharepoint.com|<tenant>-my.sharepoint.com|<tenant>-files.sharepoint.com|tasks.office.com|protection.office.com|meet.lync.com|teams.microsoft.com|outlook.office365.com|outlook.office.com|attachments.office.net
Updated details
intuneadmin.sharepoint.com|intuneadmin-my.sharepoint.com|intuneadmin-files.sharepoint.com|tasks.office.com|protection.office.com|meet.lync.com|teams.microsoft.com|outlook.office365.com|outlook.office.com|attachments.office.net|/*AppCompat*/
Update the Add network boundary sections - New screenshot
Update other options as needed.
I choose Yes to - Show the enterprise data protection icon -
Click - Next
Options continued.
Configure Access as needed (Windows Hello for Business protected).
Recommend to match the settings in Compliance Policy / Security Baseline.
Click - Next - to continue
Assignments -
Add groups -
Browse and select the groups you want the policy assigned to.
I have assigned the MFA group to ensure this is assigned to all users.
Click - Select
The Assignments will update with the groups assigned
Click - Next
Review and Create -
Create
=======================================================================
End user testing
Troubleshooting tips -
Remove the business account in Settings - Accounts -
Reboot -
Add to the Azure AD account - Settings - Accounts
Log into Office 365 portal - OneDrive - Get OneDrive Apps - Start OneDrive - Sign-in
Register the BYOD device with Azure AD -
Settings - Accounts - Access work or school -
Add the user account
Log into the Office 365 portal -
Online apps blocked - Link
OWA blocked
OneDrive online blocked
Troubleshooting OneDrive for Business app -
Google - OneDrive for Business download - Click - Start OneDrive -
Sign in with corporate credentials - Use this folder
OneDrive is protected as Corporate owned files
New column shows File Ownership
Files in OneDrive have no option to change File Ownership
Copying the file to another file location gives you the option to change File Ownership
Here the file has been copied to C:\Files
I can select - Personal - to change the file ownership
Open the file via WordPad
Warning as it is a non-corporate app - needs Microsoft Word which is a corporate app
Trying to email the document from OneDrive via Gmail
Warning as it is not allowed - Use Outlook
=========================================================================
About the author -
Terry Munro is an IT specialist based in Brisbane, Australia.
He draws upon over 20 years experience designing and delivering technical solutions to a variety of enterprise clients in the private, Government and Education sectors, to revolutionise client businesses through collaboration and getting the most value from a variety of cloud solutions.
He is passionate about learning new technologies and is a firm believer in sharing knowledge to provide a better experience for all.
You can connect with Terry on LinkedIn - https://www.linkedin.com/in/terry-munro/
No comments:
Post a Comment