Connect
Ask Community
Ask the community
Ask Community
  • Home
  • General
  • Work files on BYOD — How are you keeping them separate?

Work files on BYOD — How are you keeping them separate?Solved

Profile photo of mila_beck
mila_beck
Participant
Discussion
Hexnode UEM
4 days ago Feb 16, 2026

We’ve started allowing BYOD for work email and documents. I keep hearing about “containerizing” work apps and files, but trying to understand what that actually means in practice. If a work PDF is opened on the device, how is it kept from ending up in personal apps? 

topic view count 20 Views

Tags

Android (453) Android Enterprise (139) iOS (359) iPadOS (95) macOS (471)
Reply

Replies (4)

Marked SolutionPending Review
Profile photo of sophia_miller Novice image
sophia_miller
Participant
4 days ago Feb 16, 2026
Marked SolutionPending Review

Same here.  

On iOS and Android, users already have their own apps and cloud accounts set up. Curious how tools like Hexnode keep work content from crossing that boundary without getting intrusive. 

Marked SolutionPending Review
Profile photo of isabel_lora Hexnode Expert image
isabel_lora
Hexnode Expert
4 days ago Feb 16, 2026
Marked SolutionPending Review

Good questions from both of you. This is a common point of confusion when teams first move to BYOD.

In Hexnode UEM, this is handled through OS-native data containerization. Corporate apps and files are treated as managed content, and the operating system itself enforces how that content can be accessed or shared. There’s no inspection of personal apps or personal data.

On iOS/macOS:

  • Work files are marked as managed by the OS.
  • Managed Open-In ensures that managed files can only be opened in managed applications.
  • The OS blocks moving managed content to unmanaged apps, AirDrop, or personal cloud locations.

On Android:

  • Corporate content is stored inside an Android Enterprise Work Profile.
  • The Work Profile acts as an encrypted, OS-level secure container.
  • Apps outside the Work Profile cannot see or access work files.

This creates a secure content container enforced at the platform layer.

Best Regards,
Isabel Lora
Hexnode UEM

Marked SolutionPending Review
Profile photo of sophia_miller Novice image
sophia_miller
Participant
3 days ago Feb 17, 2026
Marked SolutionPending Review

Makes sense. What happens to the work files when an employee leaves the company? 

Marked SolutionPending Review
Profile photo of isabel_lora Hexnode Expert image
isabel_lora
Hexnode Expert
3 days ago Feb 17, 2026
Marked SolutionPending Review

When an employee leaves, admins can trigger a selective wipe. 

This removes only the managed apps and managed content from the secure container, while leaving the rest of the device unchanged. The same behaviour applies if the device is unenrolled or marked non-compliant, across both Apple Managed Open-In and Android Enterprise Work Profile setups. 

Best Regards, 
Isabel Lora 
Hexnode UEM 

Load more
Save
Related Topics

Leaderboard

Profile photo of bram Pro image
bram
1995 pts
Profile photo of timo-liam Veteran image
timo-liam
1390 pts
Profile photo of leo_scott Novice image
leo_scott
1232 pts
Profile photo of carter Novice image
carter
1205 pts
Profile photo of eliiza Novice image
eliza
1157 pts
View all

Popular Tags

ABM (53)
Android (453)
iOS (359)
macOS (471)
Windows (321)
Apple TV (33)
App Management (352)
Enrollment (104)
Location (29)
Kiosk (216)
Scripts (88)
ADE (48)
OS Updates (78)
Android Enterprise (139)
View all