NCSC BYOD Guidance


Endpoint Central helps implement NCSC BYOD guidelines: 

The latest version of the UK Cyber Essentials framework from the NCSC includes Bring Your Own Device (BYOD) within its scope. This means that organizations seeking Cyber Essentials certification are responsible for securing and managing BYOD devices. The NCSC also provides comprehensive guidance on how effective BYOD management can strengthen an organization's overall cybersecurity posture.

The table below demonstrates how Endpoint Central can be leveraged for effective BYOD management. 

| S.No | Description (As given in NCSC website) | How Endpoint Central helps |
| --- | --- | --- |
| 1 | Device compliance monitoring<br>• Including Application and device update status, jailbreak detection, presence of banned apps<br>• Use reporting if available from device attestation to provide assertions of device compliance and device health | Endpoint Central's MDM feature helps admins detect the presence of jailbroken or rooted devices in their IT environment.<br>Admins can blocklist apps and either ensure that they are uninstalled or request the end user to uninstall them.<br>Endpoint Central's reporting capability helps you identify device compliance and health status. |
| 2 | Install applications from allowed lists only, using Enterprise application catalogs. | Endpoint Central helps admins install both enterprise apps and store apps on end-user devices.<br>Admins can also add applications to the end user's app catalogue. |
| 3 | Prompt users to update their devices and corporate applications where possible and block access if not compliant (may not be applicable to BYOD) | Endpoint Central can perform app updates.<br>Endpoint Central has Office 365 MAM Conditional Access. Through this feature, admins can enforce policies that block end users' access or wipe data when the apps don't comply with the organization's security standards. |
| 4 | Monitor and report on the status of installed corporate apps (may not be applicable to BYOD) | Endpoint Central has comprehensive reporting capabilities that can provide app details such as:<br>i. Devices with/without Specific App<br>ii. App installation summary<br>iii. Blocklisted Apps Summary<br>iv. New App Detected<br>v. Devices with Blocklisted apps |
| 5 | Ensure you can remotely remove access to corporate resources | Endpoint Central helps admins silently install/uninstall apps in the work profile of BYOD devices. In case of data theft, admins can perform a corporate wipe to selectively remove the corporate data on BYOD devices. |
| 6 | Restrict the ability to copy data between work and personal environments | Endpoint Central can help admins restrict unauthorized sharing of corporate data between the admin-managed corporate container and the personal container, such as copy and paste via clipboards. |
| 7 | Only expose corporate resources that the individual user/group requires | Endpoint Central can help admins segregate users/devices based on their custom needs and distribute corporate apps and content accordingly.<br>Refer here and here for more details.<br>Endpoint Central has Conditional Exchange Access to restrict access for unmanaged devices and permit only MDM-approved BYOD devices to access the Exchange servers. |
| 8 | Set ‘terms of use’ within your MDM if it has this facility, use SyOps, and communicate privacy boundaries through the MDM. | Endpoint Central has provisions to distribute terms of use policies to users that can contain security mandates, compliances, and recommendations. It allows admins to inform the users about the data collected from their devices and the reasons for the same. |

The table below outlines the technical controls required for effective Mobile Application Management (MAM) policies, along with how Endpoint Central can be used to implement these controls efficiently.

| S.No | Description (As given in NCSC Website) | How Endpoint Central comes into the picture |
| --- | --- | --- |
| 1 | Only provide access to corporate services/applications from Enterprise managed/approved application stores. | Endpoint Central helps admins silently install/uninstall apps in the work profile of BYOD devices.<br>Endpoint Central has Conditional Exchange Access to restrict access for unmanaged devices and permit only MDM-approved BYOD devices to access the Exchange servers. |
| 2 | Enforce App version compliance and push updates where possible | Endpoint Central has Office 365 MAM Conditional Access. Through this feature, admins can require users to run the app on a specified version and prompt them to update if necessary.<br>Admins can also silently install the apps (with a specific version) and ensure version compliance. They can also perform app updates using MDM if necessary. |
| 3 | Ensure you can remotely remove access to corporate applications and associated data | In case of data theft, admins can perform a corporate wipe to selectively remove the corporate data on BYOD devices. |
| 4 | Restrict the ability to copy data from corporate apps to non-corporate apps. | Endpoint Central can help admins restrict unauthorized sharing of corporate data between the admin-managed corporate container and the personal container, such as copy and paste via clipboards. |
| 5 | Use strong authentication for access to corporate applications | To ensure safe access to corporate applications, Endpoint Central leverages enterprise SSO using the Kerberos protocol.<br>Endpoint Central also leverages Certificate Based Authentication using SCEP. |
| 6 | Audit and log access to corporate applications and resources | Endpoint Central has comprehensive reporting capabilities useful for audit purposes. |
| 7 | Only expose corporate resources that the individual user/group requires | Endpoint Central can help admins segregate users/devices based on their custom needs and distribute corporate apps and content accordingly.<br>Refer here and here for more details.<br>Endpoint Central has Conditional Exchange Access to restrict access for unmanaged devices and permit only MDM-approved BYOD devices to access the Exchange servers. |

 
