Secure BYOD is mostly unsolved wrt most common/popular Android phones. (Windows is also “a thing” but that didn’t stop Maersk or whoever from getting ransomwared, did it?)
Most serious orgs prohibit BYOD unless you are on Pixel or iPhone where MDM can actually work securely. There is no meaningful way to secure corporate data on an employee-owned Galaxy, for example.
It is the rare corp that can do BYOD securely. The best practice is issuing corporate iPhones to all staff with universal MDM and keeping all corp data physically separate from personal devices.
This also saves your employees’ nudes in a subpoena/discovery situation during a civil action against the corp, which is all too common.
I don't know about Samsung, but even some random Chinese smartphones pass the MDM checks these days. I had Unihertz Atom XL as my BYOD work device for quite a while with no issues.
Most serious orgs prohibit BYOD unless you are on Pixel or iPhone where MDM can actually work securely. There is no meaningful way to secure corporate data on an employee-owned Galaxy, for example.
It is the rare corp that can do BYOD securely. The best practice is issuing corporate iPhones to all staff with universal MDM and keeping all corp data physically separate from personal devices.
This also saves your employees’ nudes in a subpoena/discovery situation during a civil action against the corp, which is all too common.