Jamf Nation Community

Adam-B · ‎04-07-2025

Hello Everyone,

I got a sudden challenge on my desk to get a BYOD system working for our comapny. From my knowledge there isn't a BYOD set up so to say for MacOS.

I see user enrollment is the method for this and it enters a un-supervised state. My questions are:

how do we differentiate in a smart group who has these machines to get certain policies?

How do we remove company data if said user is offboarded for any reason (we don't want to leave the control to the user)?

In anyone's experience, what are some best practices from your BYOD setup you have started in your company.

I am a small team and JAMF isn't our expertise (working on getting help to dive deeper with MacOS Administration) so any help is GREATLY appreciated. Thank you!

sdagley · ‎04-07-2025

@Adam-B IMO the BYOD model is a bad idea for Macs. macOS does not support a concept like iOS where you can have a separate areas for corporate apps/data and personal apps/data. If you were looking to ensure removal of company data from a device you'd need to wipe it, I expect most Mac users would refuse the BYOD model if they were aware of that lack of separation, and if your company would need the ability to wipe their personal Mac.

Chris_Hafner · ‎04-08-2025

This is a great question and a pretty big topic. There are a lot of technologies being developed to help with this exact kind of scenario you're asking about. I certainly don't think it's as dire as the previous comment implies. Check out the IBM case for supporting BYOD and employee choice programs and tools like JAMF Trust to maintain separation between personal and professional data/applications.

We've been BYOD for a long time and have had little or no issues with maintaining this separation, though we may not have the same level of data security concern. Any data we have of a sensitive or protected nature needs to stay on our managed platforms. Even if it's just Google Drive.

Jamf Nation Community

JAMF PRO - BYOD Macbooks