Jamf Apple Security & Device Management

Electronics Components Industry BYOD Device Management

Client: A Listed Electronics Thermal Module Company

Challenge

With employees increasingly using personal devices for work, the company needed to ensure corporate data security without invading employee privacy while providing convenient access to corporate resources.

Solution

Deployed Jamf Pro with Apple Account-Driven Device Enrollment (ADDE). After employees sign in with their company accounts, the device automatically receives corporate apps, Wi-Fi, ZTNA VPN, and bookmarks, with complete separation of corporate and personal data.

Results

Successfully achieved secure BYOD device management, enabling employees to securely access company resources on personal devices while protecting both personal privacy and corporate confidentiality.

Background

A listed company in Taiwan specializing in thermal module solutions for servers, graphics cards, and laptops needed to implement a Bring Your Own Device (BYOD) management solution. As employees increasingly preferred using their personal Apple devices for work, the company sought a way to provide secure access to corporate resources without compromising employee privacy.

Challenges

The customer faced several key challenges:

  • Privacy Concerns: Employees were reluctant to enroll personal devices in traditional MDM due to privacy concerns
  • Data Security: Corporate data needed to be protected on personal devices without the company having access to personal content
  • Resource Access: Employees needed easy access to corporate apps, Wi-Fi, VPN, and internal resources
  • Security Policies: IT needed to enforce basic security policies like password requirements and screen lock without being intrusive
  • Data Leakage Prevention: Corporate data should not be able to leak to personal apps or storage

Solution

KlickKlack designed a comprehensive BYOD solution based on Jamf:

Account-Driven Enrollment

Integrated Apple Business Manager with Jamf Pro:

  • Employees simply sign in with their company account on personal devices to complete enrollment
  • No need for IT to physically touch devices; enrollment is user-initiated
  • Clear separation between managed corporate area and personal area

Automatic Resource Provisioning

Upon successful enrollment, employees automatically receive:

  • Corporate Applications: Work apps deployed via VPP (such as Outlook, Edge), plus In-House apps developed internally
  • Self Service: Enterprise App Store where employees can access IT-deployed work applications
  • Wi-Fi Configuration: Automatic corporate Wi-Fi deployment (supporting WPA2/3 Personal, Enterprise, or certificate authentication), eliminating manual password entry
  • Bookmarks & Web Clips: Web Clip icons deployed to home screen, and enterprise resource links deployed to Edge browser bookmarks

Jamf Security Cloud (ZTNA)

Deployed Jamf Trust App to achieve Zero Trust Network Access:

  • Split Tunneling: Traffic to specific internal IP addresses or domains is routed through an encrypted tunnel to the company firewall
  • Direct Internet Access: Employee personal internet traffic bypasses corporate network, ensuring speed and privacy
  • Content Filtering: Implemented specific website access policies via Jamf Trust

Complete Data Separation

Leveraging Apple's BYOD data boundary mechanisms:

  • Block Corporate to Personal: Prevent corporate app (e.g., Outlook) attachments from opening in personal apps (e.g., LINE)
  • Allow Personal to Corporate: Allow personal data to open in corporate apps (e.g., sharing personal photos to Teams)
  • Cloud Backup Restrictions: Prevent corporate app data from backing up to personal iCloud
  • Copy/Paste Restrictions: Restrict copying text from corporate apps to personal apps
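
The four boundaries above can be checked against an exported configuration profile. The following is an added example, not part of the original case study or KlickKlack's tooling: it assumes the boundaries are expressed with keys from Apple's Restrictions payload (`com.apple.applicationaccess`), and the sample profile is constructed for illustration.

```python
import plistlib

# Expected data-boundary settings, mapped from the four bullets above.
# Assumption: the deployment expresses them with these Restrictions payload keys.
EXPECTED = {
    "allowOpenFromManagedToUnmanaged": False,  # block corporate -> personal
    "allowOpenFromUnmanagedToManaged": True,   # allow personal -> corporate
    "allowManagedAppsCloudSync": False,        # keep managed app data out of iCloud
    "requireManagedPasteboard": True,          # copy/paste follows the open-in rules
}

# Constructed sample profile (not taken from the deployment). It leaves cloud
# sync enabled and omits the pasteboard key, so the audit reports two findings.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.applicationaccess</string>
    <key>allowOpenFromManagedToUnmanaged</key><false/>
    <key>allowOpenFromUnmanagedToManaged</key><true/>
    <key>allowManagedAppsCloudSync</key><true/>
  </dict></array>
</dict></plist>"""


def audit_profile(profile_bytes):
    """Return {key: (expected, actual)} for every setting that deviates."""
    profile = plistlib.loads(profile_bytes)
    merged = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.applicationaccess":
            merged.update(payload)
    findings = {}
    for key, want in EXPECTED.items():
        got = merged.get(key)  # None means the key is absent from the profile
        if got is not want:
            findings[key] = (want, got)
    return findings


if __name__ == "__main__":
    for key, (want, got) in audit_profile(SAMPLE_PROFILE).items():
        shown = "<missing>" if got is None else got
        print(f"{key}: expected {want}, found {shown}")
```

A missing key is reported as a finding because the profile then does not state the boundary explicitly and the operating system default applies.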

Password Policy & Compliance Checks

IT can enforce essential security policies:

  • Compliance Checks: Immediately revoke corporate resource access if a device lacks a passcode or poses a risk
  • Work Data Protection: Require device passcode to access corporate email and corporate apps
  • Push Notifications: IT can send important notifications directly to employee iPhones

Results

After deployment:

  • Employee Adoption: High enrollment rate due to privacy-respecting approach
  • Security Compliance: Corporate data protected without accessing personal information
  • User Experience: Seamless access to corporate resources from personal devices
  • IT Efficiency: Automated provisioning reduces IT workload
  • Risk Mitigation: Clear data boundaries reduce data leakage risks

KlickKlack is the only partner in Taiwan with both Jamf MSP and Elite Partner certifications, providing comprehensive enterprise management and security solutions for Apple devices. Whether it's device deployment, application management, security protection, or compliance requirements, we offer professional consulting and implementation services.
