Do you impose restrictions on your users from accessing their Office 365 accounts on personal devices to protect company data? What technologies do you use? I'm testing pushing out policies using Azure Conditional Access and Device Compliance, which will allow my users to access org data provided their BYOD devices meet some compliance requirements.
Here are some examples. Scenario 1. User Ana Green tries to log in to Microsoft Teams on her personal Windows 10 computer. She gets a notification that she will first need to connect her Windows 10 computer using her corporate account so the org MDM, Microsoft Intune, can manage it.
Scenario 2. When she tries to add her corporate email account on her iPad, she will first get a notification that she needs to create a PIN. This is when the app protection policy kicks in. After the PIN is created, the corporate data is secured from getting accessed by other apps installed on her iPad.
Scenario 3. When she accesses her Office 365 account via the browser, she is not restricted in any way from accessing it, except that she is prompted by MFA first. After successfully meeting the MFA challenge, she is allowed to log in.
Is this similar to what you're doing now in your org?
------------------------------
Joe Aldeguer
IT Director
Society of American Florists
Alexandria VA
(703) 836-8700
https://safnow.org
------------------------------