Llamaha icon

Article

BYOD basics

Bring Your Own Device — using a personal phone or laptop for work — is common but not always well explained. Here is what to expect, what your employer can and cannot do, and how to keep work and personal cleanly separated.

What Is Usually Required

Conditions to access work resources from a personal device

A passcode or biometric on the device

Almost every BYOD policy requires that the personal device be locked with a passcode, fingerprint, or face unlock. This is enforced by your firm's mobile device management (MDM) like Intune or Jamf.

An MFA app for sign-ins

Microsoft Authenticator, Duo Mobile, or Okta Verify will usually be required to sign into work accounts.

A work app container or profile

On phones, apps like Outlook, Teams, and OneDrive often install in a "work" mode that keeps work data separate. On a personal Mac or PC, you may be asked to install Company Portal or a similar agent.

What Your Employer Can See

The realistic boundaries

Usually: device model, OS version, encryption status, work app data

For compliance, IT can see whether the device meets policy (encrypted, up to date, has passcode) and they can manage work apps and work data on it.

Usually not: personal photos, texts, browser history, location

Most BYOD setups separate personal data from work data. IT does not see your photos or browsing on a properly configured BYOD setup.

Read your employer's BYOD policy

Specifics vary. Your firm should have a written BYOD policy explaining what is and isn't visible. If you cannot find it, ask HR or IT.

Selective Wipe

What happens if you leave the company

Most BYOD systems use "selective wipe"

When you leave or your access is revoked, IT removes only the work apps, work data, work email, and work documents from the device. Your personal photos, contacts, and apps stay.

Avoid storing work files in personal apps

If you save a work spreadsheet to your personal Google Drive, that file is not in the work container and won't be wiped — but it also shouldn't be there. Keep work files in OneDrive, SharePoint, or your firm's storage.

Sign out of work accounts before disposing of an old phone

If you sell or give away the phone, sign out of all work accounts and remove the work container first. If in doubt, factory-reset the phone.

Practical Tips

Make BYOD work for you

Use the work versions of apps, not personal email forwarding

Forwarding work email to your personal Gmail puts work content in a personal account, which is usually a policy violation and removes work search and security features.

On laptops, use a separate browser profile for work

In Edge or Chrome, create a Work profile signed into your work account. Your personal bookmarks, passwords, and history stay separate.

Turn on Focus modes for work hours

iPhone Focus and Android Work Profile can pause work app notifications outside work hours so you actually unplug.

Know your right to disconnect

Just because work apps are on your personal phone does not mean you have to be reachable 24/7. Set expectations with your team about response time.