We’ve been trying to get more control over how company data is handled on devices, but it’s getting messy. We started by blocking a few obvious apps, then pushed some approved ones, but honestly it still feels inconsistent. Some users are sticking to the setup, others are finding ways around it, especially when it comes to saving or moving files.
For those who’ve gone through this, how did you actually structure things so it’s not just a bunch of disconnected controls?
28 Views
Yeah, that “disconnected controls” feeling is real. Felt like we were just stacking policies and hoping for the best 😅. What helped us was thinking in terms of sequence instead of just features. First decide what shouldn’t exist on the device at all, then control how the allowed ones behave. That gave us a cleaner starting point.
And just deploying approved apps isn’t enough unless you define how they’re used. We had cases where users installed the right apps but signed in with personal accounts or used them in ways we didn’t expect. Once we configured app configurations, like limiting account domains, it started behaving more like a controlled setup. Before that, it was basically approved app, uncontrolled usage!
For us, the real shift happened when we stopped focusing only on apps and started focusing on the data itself. We enforced controls through Business container on iOS and Work profile on Android. That way, files from managed apps couldn’t just move into personal apps. So even if a user tries something creative, the data doesn’t really leave the managed space.
That’s interesting. I think right now we’re still very app-focused, not data-focused.
But even then, what about access through browsers? That’s been a tricky one. It feels like a separate problem altogether.
Yeah, browsers kind of sit outside all of this if you don’t plan for them. We had to bring that into the same strategy by controlling which sites are accessible using web filtering. Not super aggressive at first, but enough to block the usual file-sharing routes. Otherwise, it just becomes “blocked app, open browser, problem solved” from the user’s side 😅
And once you bring browsers into the mix, you start seeing the full picture.
We realized some teams were relying on certain tools we hadn’t officially approved. That helped us adjust instead of just blocking and dealing with escalations.
Also worth mentioning controls like copy paste, screenshots, and file transfers. We didn’t prioritize them initially, but they matter more than you think. Even with everything else in place, those small gaps can still cause issues. It’s always the tiny things that slip through.
Got it, so instead of trying to fix everything at once, it’s more about building it step by step. Apps, usage, data movement, access, and then tightening the smaller gaps?
Exactly. Once it’s structured that way, it stops feeling like patchwork and starts working like a system. Way less firefighting too!
Don't have an account? Sign up
