Bring Your Own Device “not under my roof”?

An article by the COMPAREX Blog Editorial Team

We currently find ourselves at the onset of a new revolution in IT. The last revolution began at the end of the nineties with the widespread adoption of client/server infrastructure and the advent of Active Directory, the predominant directory service since then.

Today, we find ourselves at the next truly revolutionary phase in the IT landscape, encompassing two current game-changing trends: client mobility and cloud technologies. Each, depending on the viewpoint of the observer, offers the potential for an unlimited increase in productivity and for cost savings on licensing and hardware infrastructure. Nevertheless, as in all revolutions, there are those who cling to the current status quo, and those who bend to the prevailing wind of change and reap the benefits earlier on. One only has to look at the vast sums that the major technology players (Microsoft, Amazon and Google, to name but a few) are investing in cloud datacentres to realise that the Cloud, with access from everywhere and irrespective of device, is here and will be the new accepted face of IT.

Last year, Microsoft released the last ever version of its Windows operating system, Windows 10. Two firsts took place with the release of Windows 10: it was the first time that millions of users were offered a completely free upgrade to a new flagship operating system, and the first time that an operating system has been delivered by means of Windows Update, with practically no user input required, an “in-place upgrade” so to speak.

There are major advantages to be realised in terms of increased productivity and decreased costs. Microsoft has not disenfranchised traditional IT departments, but has empowered end users and given IT departments the means to control and safely administer their users. The employee is more at ease with his own device, and the employer doesn’t need to invest in hardware for the employee. Worldwide, 43% of users admit to using a private device for work purposes without informing their IT department.[1] This essentially means that these devices are not part of their companies' IT strategy and represent quite a large data security risk for their respective employers. The use of mobile devices, from smartphones and tablets to notebooks, is changing the face of IT. With Windows 10, companies have at their disposal an operating system that already comes bundled with security tools that make BYOD (Bring Your Own Device) a viable and logical alternative to a strict and inflexible IT environment.

According to a study carried out by the hardware giant Dell,[2] there are a number of distinct advantages to allowing BYOD in companies. Dell found that:

  • 67% of users access private software and apps during work
  • Companies with a BYOD strategy achieved a 38% optimisation of business processes
  • There was a 34% increase in the flexibility and mobility of employees
  • A 31% increase in employee productivity and efficiency
  • A 28% increase in cooperation among employees
  • A 27% improvement in decision processes

Windows 10 has massively expanded its security mechanisms in terms of hardware security, identity security and data security, along with the management tools to administer and control these technologies. Let’s take the scenario of mobile device management with Windows 10 as a “fait accompli”: what tools are at my disposal to control it?

  • Windows Defender

    • Full-featured antimalware program, successor to Microsoft Security Essentials
    • Signatures and the antimalware engine are updated regularly
    • If an alternative antimalware solution is installed, Windows Defender disables real-time protection but remains available

  • Device Guard

    • Available only with Windows 10 Enterprise
    • Used to completely lock down a device so that it can’t run untrusted code
    • The only apps allowed to run are those signed with a code-signing certificate issued by Microsoft
    • This includes any apps from the Windows Store as well as those submitted to Microsoft to be digitally signed

  • TPM 2.0

    • Hardware-based certificate technology that binds the hardware to the identity credentials of a user

  • Multifactor authentication

    • An additional security level on top of the standard username and password, involving additional authentication by receipt of a PIN on a mobile device (smartphone)
    • The agent is configured on all Windows 10 versions
    • Active Directory, Azure Active Directory and Microsoft accounts all support these new credentials

  • Microsoft Passport

    • In Windows 10, Microsoft Passport replaces passwords with strong two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) gesture or PIN.
    • Microsoft Passport lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or a non-Microsoft service that supports Fast ID Online (FIDO) authentication. After an initial two-step verification during Microsoft Passport enrollment, a Microsoft Passport is set up on the user's device and the user sets a gesture, which can be Windows Hello or a PIN. The user provides the gesture to verify identity; Windows then uses Microsoft Passport to authenticate users and help them access protected resources and services. (Source)

  • Windows Hello

    • Introduces system support for biometric authentication (using your face, iris or fingerprint to unlock your devices) with technology that is much safer than traditional passwords. You, uniquely you, plus your device are the keys to your Windows experience, apps, data and even websites and services, not a random assortment of letters and numbers that are easily forgotten, hacked, or written down and pinned to a bulletin board. Modern sensors recognize your unique personal characteristics to sign you in on a supporting Windows 10 device. (Source)

  • Enterprise Data Protection (EDP)

    • For mobile devices or desktop PCs
    • Administrators can mark and encrypt corporate data to distinguish it from ordinary data
    • When the relationship ends, the corporate data can be deleted using remote wipe capabilities

  • Universal Apps

    • “Modern Apps”
    • Run in a secure virtual environment on the machine
    • Evergreen (apps are automatically kept up to date)
    • No administrative rights are required to install on the local machine

  • BitLocker

    • Available in all versions of Windows 10 out of the box
    • BitLocker allows you to encrypt only the section of the disk that contains data instead of the entire disk
    • Faster, less disruptive encryption process
    • A standard user without administrative privileges can reset a BitLocker PIN

  • Integrated Rights Management (IRM)

    • Successor to DLP (Data Linkage Protection)
    • Encrypts confidential data using certificate technology and prevents the unauthorized sharing or printing of confidential data

  • App-triggered VPN

    • Configuration that automatically activates a secure VPN tunnel for certain applications

  • SmartScreen

  • MS Intune

    • Microsoft Intune enables the administration of mobile devices and PCs in the cloud. With Intune, employees and their companies have access to their applications, data and resources irrespective of their location and irrespective of which mobile device they are accessing the data from

  • EMS (Enterprise Mobility Suite)

    • Enables your end users to work on the device or devices they love, providing them consistent and secure access to corporate resources from those devices. The EMS provides a hybrid identity solution, enabled by Azure Active Directory Premium
    • Delivers comprehensive application and mobile device management from both your on-premises infrastructure, including Microsoft System Center Configuration Manager and Windows Server with Active Directory, and cloud-based services, including Windows Intune and Windows Azure. This helps to unify your environment.
    • EMS provides mobile management enabled by Windows Intune
    • EMS data protection, enabled by the Azure Rights Management service, helps protect your data by protecting corporate information and managing risk.

Each of these services is included in the Enterprise Mobility Suite.
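Before a privately owned Windows 10 device is allowed near corporate data, IT will want to verify that the controls listed above are actually switched on, not merely available. The following PowerShell function is an added example (not code from COMPAREX, Microsoft or the original article) that performs a read-only audit of Windows Defender, TPM 2.0, Device Guard, BitLocker and SmartScreen on the local machine and returns the findings an administrator would want resolved first. It assumes an elevated PowerShell session on Windows 10 with the built-in Defender, TrustedPlatformModule and BitLocker modules present; the function name Get-ByodControlStatus and the signature-age threshold are hypothetical choices of this example, and each check falls back to 'Unknown' where it cannot run.

```powershell
# Added example, not code from COMPAREX or Microsoft: read-only audit of the
# Windows 10 controls discussed in the article. Run in an elevated PowerShell
# session on the device being assessed. Assumes the built-in Defender,
# TrustedPlatformModule and BitLocker modules are present; every check falls
# back to 'Unknown' when it cannot run.

function Get-ByodControlStatus {
    [CmdletBinding()]
    param(
        # Hypothetical policy threshold: signatures older than this are flagged as stale.
        [int]$MaxSignatureAgeDays = 7
    )

    $r = [ordered]@{}

    # --- Windows Defender: engine, real-time protection, signature freshness ---
    # With a third-party antimalware product installed, Defender reports
    # RealTimeProtectionEnabled = False (passive mode), as the article describes.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $sigAge = (Get-Date) - $mp.AntivirusSignatureLastUpdated
        $r.DefenderEnabled    = [bool]$mp.AntivirusEnabled
        $r.RealTimeProtection = [bool]$mp.RealTimeProtectionEnabled
        $r.SignatureAgeDays   = [int]$sigAge.TotalDays
        $r.SignaturesStale    = $sigAge.TotalDays -gt $MaxSignatureAgeDays
    } catch { $r.DefenderEnabled = 'Unknown' }

    # --- TPM 2.0: present, ready, and which spec version the chip implements ---
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $r.TpmPresent = [bool]$tpm.TpmPresent
        $r.TpmReady   = [bool]$tpm.TpmReady
        # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.16"; the first field is the spec.
        $wmiTpm = Get-CimInstance -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                                  -ClassName Win32_Tpm -ErrorAction Stop
        $r.TpmSpecVersion = if ($wmiTpm) { ($wmiTpm.SpecVersion -split ',')[0].Trim() } else { 'None' }
        $r.TpmIs20 = ($r.TpmSpecVersion -eq '2.0')
    } catch { $r.TpmPresent = 'Unknown' }

    # --- Device Guard / virtualization-based security ---
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName Win32_DeviceGuard -ErrorAction Stop
        $r.VbsStatus           = $dg.VirtualizationBasedSecurityStatus             # 0 off, 1 enabled, 2 running
        $r.CodeIntegrityPolicy = $dg.UsermodeCodeIntegrityPolicyEnforcementStatus  # 0 off, 1 audit, 2 enforced
        $r.DeviceGuardEnforced = ($r.CodeIntegrityPolicy -eq 2)
    } catch { $r.DeviceGuardEnforced = 'Unknown' }

    # --- BitLocker on the OS drive, including whether a TPM+PIN protector is in use ---
    try {
        $os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $r.OsDriveProtection       = $os.ProtectionStatus.ToString()   # On / Off
        $r.OsDriveVolumeStatus     = $os.VolumeStatus.ToString()       # FullyEncrypted, EncryptionInProgress, ...
        $r.OsDriveEncryptedPercent = $os.EncryptionPercentage
        $r.TpmPinProtector = [bool]($os.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'TpmPin' })
    } catch { $r.OsDriveProtection = 'Unknown' }

    # --- SmartScreen for downloaded apps and files (per-machine setting) ---
    $ss = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' `
                           -Name SmartScreenEnabled -ErrorAction SilentlyContinue
    $r.SmartScreen = if ($ss) { $ss.SmartScreenEnabled } else { 'Not set' }   # RequireAdmin / Warn / Off

    # --- Findings: the controls IT would want fixed before onboarding the device ---
    $r.Findings = @(
        if ($r.RealTimeProtection -eq $false) { 'Real-time antimalware protection is off' }
        if ($r.SignaturesStale -eq $true)     { "Antimalware signatures older than $MaxSignatureAgeDays days" }
        if ($r.TpmIs20 -eq $false)            { 'No TPM 2.0 available for hardware-bound credentials' }
        if ($r.OsDriveProtection -eq 'Off')   { 'OS drive is not protected by BitLocker' }
        if ($r.SmartScreen -eq 'Off')         { 'SmartScreen is disabled' }
    )

    [pscustomobject]$r
}

# Usage: Get-ByodControlStatus | Format-List
```

The function only reads state and changes nothing, so it can be run repeatedly (for example from an Intune or Configuration Manager script) to confirm that a device still meets the baseline after enrollment. A TPM that reports a spec version other than 2.0 or an OS drive with ProtectionStatus Off are the two findings most directly tied to the hardware-bound credentials and remote-wipe story the article relies on.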
To learn more visit:


With Windows 10, all the tools to implement a mobile device or BYOD strategy are delivered and put at the disposal of enterprise IT organisations. Most people possess more than one technological device, be it a tablet PC, smartphone or laptop, and as the adage goes, “Where there is a will there is a way”. In other words, where people find it easier to use their own devices, they will. It should also not be overlooked that there are major benefits in terms of increased productivity and reduced operating costs in the introduction of a mobile device strategy, including a recognition of the advantages of a “Bring Your Own Device” strategy. At the same time, there must be an awareness of the security implications, and of the fact that IT has the tools at its disposal to make the introduction as safe and as secure as can be.

[1], [2] Com! Professional, issue 3/15, p. 14, „Bring your own device? Aber sicher!”

Leipzig, 3/23/2016
