About this program
Mobile devices accessing corporate data should be managed. Quick audit on enrolment, posture and wipe capability.
Risks addressed
- High: Lost phone with cached mailbox / OneDrive data
- High: Unmanaged personal device accessing corporate apps
- High: No way to wipe corporate data on offboarding
Controls (6)
- All corporate phones enrolled in MDM (High)
  Testing procedure: Compare the MDM enrolment roster against the HR asset list and the mobile carrier line list; every corporate device known to HR or the carrier should appear as enrolled.
  Evidence to collect: MDM roster plus the reconciliation delta (devices missing from MDM, and enrolments with no matching HR/carrier record).
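The reconciliation step above, as an added worked example (not part of the original checklist and not any MDM vendor's tool): three constructed CSV exports (HR, carrier, MDM) are normalised on serial number and compared as sets, producing the delta an auditor would attach as evidence. The column names, users and serials are hypothetical.

```python
"""Reconcile an MDM roster against HR and carrier device lists.

Added audit illustration with constructed sample data. Serial numbers are
normalised (trimmed, upper-cased) so that cosmetic export differences do
not mask a genuinely unenrolled device.
"""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass

# Constructed sample exports (hypothetical users and serials).
HR_DEVICES_CSV = """employee,serial,status
alice,ABC123,active
bob,DEF456,active
carol,GHI789,terminated
"""

CARRIER_CSV = """line_owner,device_serial
alice, abc123
bob,DEF456
dave,JKL012
"""

MDM_ROSTER_CSV = """user,serial,enrolled
alice,ABC123,true
carol,GHI789,true
erin,MNO345,true
"""


def norm(serial: str) -> str:
    """Canonical form of a serial so 'abc123 ' and 'ABC123' compare equal."""
    return serial.strip().upper()


@dataclass(frozen=True)
class Delta:
    missing_from_mdm: set[str]          # corporate devices with no MDM enrolment
    stale_in_mdm: set[str]              # enrolments nobody in HR/carrier knows about
    terminated_still_enrolled: set[str]  # leavers whose device was never wiped/retired


def reconcile(hr_csv: str, carrier_csv: str, mdm_csv: str) -> Delta:
    """Return the three delta sets an auditor would attach as evidence."""
    hr_rows = list(csv.DictReader(io.StringIO(hr_csv)))
    hr_active = {norm(r["serial"]) for r in hr_rows if r["status"] == "active"}
    hr_terminated = {norm(r["serial"]) for r in hr_rows if r["status"] != "active"}
    carrier = {norm(r["device_serial"]) for r in csv.DictReader(io.StringIO(carrier_csv))}
    mdm = {
        norm(r["serial"])
        for r in csv.DictReader(io.StringIO(mdm_csv))
        if r["enrolled"].strip().lower() == "true"
    }

    # Anything HR or the carrier considers a live corporate device must be enrolled.
    expected = hr_active | carrier
    return Delta(
        missing_from_mdm=expected - mdm,
        stale_in_mdm=mdm - expected - hr_terminated,
        terminated_still_enrolled=mdm & hr_terminated,
    )


if __name__ == "__main__":
    d = reconcile(HR_DEVICES_CSV, CARRIER_CSV, MDM_ROSTER_CSV)
    print("Not enrolled:", sorted(d.missing_from_mdm))
    print("Unknown enrolments:", sorted(d.stale_in_mdm))
    print("Leavers still enrolled:", sorted(d.terminated_still_enrolled))
```

Each of the three sets maps to a different finding: `missing_from_mdm` is the core enrolment gap, `stale_in_mdm` usually indicates shadow or test devices, and `terminated_still_enrolled` is an offboarding failure that feeds directly into the remote-wipe control.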
- Conditional access blocks unenrolled devices (High)
  Testing procedure: Confirm that tier-1 applications require a compliant-device claim issued by the MDM, so an unenrolled or non-compliant device cannot sign in.
  Evidence to collect: Conditional access policy export.
- Encryption + passcode enforced (High)
  Testing procedure: MDM profile requires a device PIN, biometrics and disk encryption.
  Evidence to collect: MDM compliance policy.
- Remote wipe capability tested (High)
  Testing procedure: Documented test of remote wipe on a sample device within the last 12 months.
  Evidence to collect: Wipe test report.
- OS version policy + non-compliant remediation (Medium)
  Testing procedure: Devices more than 2 major versions behind the current release are marked non-compliant and pushed to update.
  Evidence to collect: Compliance report.
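The OS-currency rule above, as an added worked example (not part of the original checklist and not a vendor compliance engine): a constructed compliance export is evaluated against the "more than 2 major versions behind" threshold, failing closed for devices whose platform or version cannot be parsed. The current-major table and the device rows are hypothetical.

```python
"""Evaluate an MDM compliance export against an OS-currency policy.

Added illustration with constructed data. Policy as stated in the control:
a device more than MAX_MAJOR_LAG major versions behind the current release
for its platform is non-compliant and is queued for a forced update.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Hypothetical "current" major versions; in practice sourced from the
# vendor release feed on each audit run, not hard-coded.
CURRENT_MAJOR = {"ios": 17, "android": 14}
MAX_MAJOR_LAG = 2


@dataclass(frozen=True)
class Verdict:
    device_id: str
    compliant: bool
    action: str


def major_of(version: str) -> int | None:
    """Leading integer of a version string ('15.7.2' -> 15), or None if absent."""
    m = re.match(r"\s*(\d+)", version or "")
    return int(m.group(1)) if m else None


def evaluate(device_id: str, platform: str, os_version: str) -> Verdict:
    """Apply the lag threshold; unknown platform or unparseable version fails closed."""
    current = CURRENT_MAJOR.get(platform.strip().lower())
    major = major_of(os_version)
    if current is None or major is None:
        return Verdict(device_id, False, "quarantine: unknown platform or version")
    lag = current - major
    if lag > MAX_MAJOR_LAG:
        return Verdict(device_id, False, f"push update ({lag} majors behind)")
    return Verdict(device_id, True, "none")


def compliance_report(rows: list[tuple[str, str, str]]) -> list[Verdict]:
    return [evaluate(*row) for row in rows]


def summary(verdicts: list[Verdict]) -> dict[str, int]:
    """Counts an auditor would quote: compliant vs non-compliant devices."""
    c = Counter("compliant" if v.compliant else "non_compliant" for v in verdicts)
    return {"compliant": c["compliant"], "non_compliant": c["non_compliant"]}


# Constructed compliance export: (device id, platform, reported OS version).
SAMPLE_EXPORT = [
    ("dev-01", "iOS", "17.4.1"),
    ("dev-02", "iOS", "15.7"),      # exactly 2 behind: still compliant
    ("dev-03", "iOS", "14.8"),      # 3 behind: push update
    ("dev-04", "Android", "11"),    # 3 behind: push update
    ("dev-05", "Android", "n/a"),   # unparseable: fail closed
]

if __name__ == "__main__":
    report = compliance_report(SAMPLE_EXPORT)
    for v in report:
        print(v.device_id, "compliant" if v.compliant else "NON-COMPLIANT", "->", v.action)
    print(summary(report))
```

The boundary case (exactly 2 majors behind) is deliberately compliant, matching the "more than 2" wording; if the policy is tightened the threshold is one constant, and the fail-closed branch makes devices that report no usable version show up as findings rather than silently passing.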
- Containerised work profile (BYOD) (Medium)
  Testing procedure: Personal devices use a managed work profile so that corporate data is isolated from personal apps and storage.
  Evidence to collect: BYOD configuration.