How to "Bring Your Own Device" (BYOD) into Compliance

Get Help

Posted on October 4, 2017

Updated on

December 2, 2024

This guide contains helpful information on bringing your BYOD device into compliance with the security requirements of the Mass General Brigham network.

Requirements

Security Software: AntiVirus, Encryption, and ForeScout SecureConnector (Required when accessing MGB's Network)
Eligible Devices: Windows, Mac, iOS, Android
- Devices must have a compliant OS to be used for BYOD. Please see article KB0039035 Device Operating System (OS) Compliance Requirements
MDM Enrollment: MGB uses Microsoft Intune for device management and is required on BYOD devices that are accessing MGB corporate resources.

Support will not be provided for devices older than five years.

Windows

AntiVirus

Windows Defender Antivirus is enabled by default on Windows 10/11 devices.

How to turn on Windows Defender Antivirus real-time protection for computers.

Open Windows Security
Go to Virus & Threat Protection > Virus & Threat Protection Settings
Turn on Real-time Protection

Encryption

Microsoft BitLocker and McAfee Drive Encryption are approved methods of encryption. Check to make sure the device is encrypted by following the steps below.

BitLocker

Open My Computer
Look for a closed lock icon on the C: drive.
If not encrypted, turn on BitLocker Drive Encryption:
1. Start > Control Panel > System and Security
2. Click BitLocker Drive Encryption
3. Click Turn on BitLocker

McAfee

Right-click the McAfee Shield icon in the lower right corner of your computer.
- If there is no McAfee icon, open a Service Desk ticket.
Click Quick Settings
Click Show Endpoint Encryption Status
1. If status is Active, the device is encrypted.
2. If status is Inactive, open a Service Desk ticket.

SecureConnector

MGB's ForeScout SecureConnector client can be installed from the MGB Company Portal once your device is enrolled in Intune.

MDM

Enrollment steps can be found here: KB0041695 HOWTO: Enroll Your Personal Windows 11 device into Intune

MacOS

AntiVirus	MGB's CrowdStrike Falcon Sensor client can be installed from the MGB Company Portal once your device is enrolled in Intune.
Encryption	Apples FileVault is an approved method of encryption. Use the following steps to enable: Open System Settings> Privacy & Security> FileVault Click Turn On Please Note: Save your encryption key in a safe and secure location.
SecureConnector	MGB's ForeScout SecureConnector client can be installed from the MGB Company Portal once your device is enrolled in Intune.
MDM	Enrollment steps can be found here: KB0041620 HOW TO: Enroll Your Personal Mac Into Intune

iOS

Encryption	iOS devices are encrypted by default once enrolled or when a passcode is applied.
MDM	Enrollment steps can be found here: KB0041208 HOW TO: Intune Enrollment for iOS Personal Device

Android

Encryption	Android devices are encrypted by default once enrolled or when a passcode is applied.
MDM	Enrollment steps can be found here: KB0041207 HOW TO: Intune Enrollment for Android Personal Device

KB0039035 Device Operating System (OS) Compliance Requirements
KB0041729 INFO: Microsoft Company Portal User Guide
KB0041720 Info: Encryption requirement for Windows Devices
KB0041730 How To: Switch a Personal device from PEAS to Microsoft Intune

Escalation

For any issues or additional questions, please open a ticket with the Service Desk.

Go to KB0033785 in the IS Service Desk