Project Phases
Implementation Roadmap
Click any checkbox to track progress. Click phase headers to expand or collapse.
Phase 1: Policy & Planning
0 / 5
Week 1
Not Started
- Draft BYOD acceptable use policy defining supported platforms (iOS, Android, Windows, macOS)
- Determine enrollment strategy: MAM-only (app-level) vs. MDM (device-level) per platform
- Define minimum device requirements (OS version, storage, not jailbroken/rooted)
- Identify which corporate apps will be available on personal devices
- Get BYOD policy reviewed and approved by client leadership and legal
Phase 2: Intune Configuration
0 / 5
Week 2
Not Started
- Create Intune App Protection Policies (MAM) for iOS and Android
- Configure device compliance policies for BYOD-enrolled endpoints
- Set up Conditional Access policies requiring compliant or app-protected access
- Configure enrollment restrictions (block personally-owned if MDM-only, set platform limits)
- Create device configuration profiles for Wi-Fi, VPN, and email (if MDM)
Phase 3: Device Enrollment
0 / 5
Week 3
Not Started
- Deploy Company Portal app to users via email instructions or app store link
- Create step-by-step self-enrollment guide with screenshots for each platform
- Test enrollment flow on iOS, Android, Windows, and macOS test devices
- Verify enrolled devices appear in Intune portal with correct compliance state
- Troubleshoot common enrollment failures (certificate issues, OS restrictions, account conflicts)
Phase 4: App Deployment & Security
0 / 5
Weeks 3-4
Not Started
- Deploy managed versions of Outlook, Teams, and OneDrive via Intune
- Configure app protection policies to prevent copy/paste to unmanaged apps
- Set up selective wipe capability (removes corporate data only, preserves personal)
- Configure app-level PIN or biometric requirement for managed apps
- Verify data containerization is working (corporate data isolated from personal)
Phase 5: Validation & User Training
0 / 4
Week 4
Not Started
- Run end-to-end enrollment test with 3-5 pilot users across different platforms
- Create user-facing FAQ document covering privacy, what IT can and cannot see
- Deliver training session on Company Portal, managed apps, and self-service options
- Establish support procedures for lost/stolen device reporting and remote wipe requests
Your Team
Dedicated Project Team
Professionals assigned to your BYOD enrollment project.
T1
Team Member
Mobility Architect
BYOD Policy & Strategy
T2
Team Member
Intune Administrator
MAM/MDM Configuration
T3
Team Member
Endpoint Engineer
Enrollment & Troubleshooting
T4
Team Member
App Security Specialist
Data Containerization
T5
Team Member
Training Coordinator
User Enablement & Docs
Key Information
Project Guidelines
Success Criteria
- BYOD policy approved and communicated to all employees
- App protection policies enforced on 100% of personal devices accessing corporate data
- Users can self-enroll personal devices without IT intervention
- Corporate data containerized and wipe-ready on all BYOD endpoints
- Zero personal data exposure from IT-initiated selective wipe
- Support procedures documented for lost/stolen device scenarios
Risk Mitigation
- Start with MAM-only (least invasive) before considering MDM enrollment
- Test selective wipe on lab devices before deploying to production
- Clearly communicate privacy boundaries - what IT can and cannot see on personal devices
- Pilot enrollment with IT staff first, then expand to broader organization
- Maintain fallback web-only access for users who decline enrollment
Communication Plan
- Announce BYOD program with FAQ document 2 weeks before launch
- Host voluntary Q&A session for employees with privacy concerns
- Send platform-specific enrollment guides via email on launch day
- Provide dedicated support channel for enrollment issues during first 2 weeks
- Collect feedback survey 30 days after launch to identify pain points