Bring Your Own Device for Desktop Operating Systems

Description

HES are running a Bring Your Own Device (BYOD) project and are looking for a BYOD solution to provide BYOD to several desktops and laptops that run Desktop Operating Systems (estimated at between 50 and 100 devices). Lot 1: HES are running a Bring Your Own Device (BYOD) project and are looking for a BYOD solution to provide BYOD to several desktops and laptops that run Desktop Operating Systems (estimated between 50 and 100 devices). Currently we have been allowing access to a number of cloud services via web browsers but this method of delivery is not compliant with our security certification standards. The primary objective of this configuration is to ensure compliance with Cyber Essentials Plus (currently on Version Willow). We require a solution that will accommodate Windows OS and would like it, if possible, to support MAC OS. In addition to meeting CE+ compliance standards the ideal configuration must: - Automatically block access to Corporate Systems when the device becomes non-compliant. - Automatically re-enable access to Corporate Systems when the device becomes compliant. - Only allow access to Corporate Systems and data through specific Controlled Applications. The current list of applications is: - Microsoft Outlook (Email) - Microsoft Outlook (Calendar) - Microsoft Teams - Microsoft SharePoint (HES Site) - Service Now (Now Mobile App). - Oracle Fusion Application - Prevent the user from saving any Corporate Data outside of these applications. - Allow a HES Administrator to remotely wipe all Corporate Applications and data from the Device (manually offboard). And, in addition to meeting CE+ compliance standards the ideal configuration should: - Allow a user with an active HES AD Account to self-enrol for BYOD but require HES approval as a step (to ensure that they accept the terms of use and that the cost is agreed internally). - Authenticate the device without requiring daily MFA (MFA may be part of enrolment). The configuration and device must not: - Connect directly to the HES VPN or HES Corporate Wi-Fi. Once deployed, management of any solution should be managed by HES (the requirement is for configuration of the service).