Assuming you are allowing employees to enroll their personal devices in your AirWatch environment, there are many considerations you must make before you proceed.
Consideration #1: Will BYOD Users Enroll With VMware Workspace ONE, AirWatch Container App, or the AirWatch Agent?
VMware Workspace ONE is a secure enterprise platform that delivers and manages any app on any device. It begins with self-service, single-sign on access to cloud, mobile, and Windows apps and includes powerfully integrated email, calendar, file, and collaboration tools.
With Workspace ONE, users do not need to enroll their personal devices to get access to services. The Workspace ONE app itself may be downloaded from the Apple App Store, Google Play, or Microsoft Store and installed. A user then logs in and gains access to applications based on the established policies. The Workspace ONE app configures an MDM management profile during its installation that enrolls the device automatically.
AirWatch Container enables you to provide specific resources to segments of BYOD users. For example, some users may only want access to corporate email, while others may only require access to a single enterprise app.
With AirWatch Container, your BYOD users can enroll in AirWatch and securely access business applications and resources without receiving the same AirWatch profile corporate-owned devices receive.
AirWatch Container addresses privacy concerns users have about MDM by only giving administrators the ability to control managed enterprise apps instead of the entire device.
Consideration #2: How Will You Specify Ownership Type?
Every device enrolled into AirWatch has an assigned device ownership type: Corporate Dedicated, Corporate Shared, or Employee Owned. Employees' personal devices are categorized as an Employee Owned type and subject to the specific privacy settings and restrictions you configure for that type.
In answering the question of specifying an ownership type, consider the following.
- Do you have access to a master list of corporate devices that you can bulk upload into the AirWatch Console? If so, you may consider uploading this list and setting the default ownership type to Employee Owned.
- Have you considered the legal implications of allowing users to select an ownership type from a list? For example, if a user enrolls a personal device but incorrectly selects corporate owned as the ownership type. What are the ramifications when that user violates a policy and has their personal device fully wiped?
For your BYOD program, you can configure AirWatch to apply a default ownership type during enrollment or allow users to choose the appropriate ownership type themselves.
Consideration #3: Will You Apply Additional Enrollment Restrictions for Employee-Owned Devices?
When answering this question, consider the following.
- Does your MDM deployment only support certain device platforms? If so, you can specify these platforms and only allow devices running on them to enroll.
- Are you limiting the number of personal devices an employee is allowed to enroll? If so, you can specify the maximum number of devices a user is allowed to enroll.
You can set up additional enrollment restrictions to further control who can enroll and which device types are allowed. For example, you may choose to support only those Android devices that feature built-in enterprise management functionality. After your organization evaluates and determines which kinds of employee-owned devices they want to use in your work environment, you can configure these settings.
For more information, see Additional Enrollment Restrictions.