
Insider Threat Matrix™

  • ID: PV041
  • Created: 13th September 2024
  • Updated: 13th September 2024
  • Platforms: Windows, Linux, macOS, iOS, Android
  • Contributor: Ismael Briones-Vilar

Mobile Device Management (MDM)

MDM solutions require employees to register their personal devices with the organization's MDM system before gaining access to corporate networks and applications. This process ensures that only approved and known devices are permitted to connect.

Once a device is enrolled, the MDM system can enforce security policies that include:

  • Access Control: Restricting or granting access based on the device's compliance with corporate security standards.
  • Configuration Management: Ensuring that devices are configured securely, with up-to-date operating systems and applications.
  • Remote Wipe and Lock: Allowing the organization to remotely wipe or lock a device if it is lost, stolen, or if suspicious activity is detected.
  • Data Encryption: Enforcing encryption for data stored on and transmitted by the device to protect sensitive information.
  • Application Control: Managing and restricting the installation of unauthorized applications that could pose security risks.

Sections

IF002.010 - Exfiltration via Bring Your Own Device (BYOD)

A subject connects their personal device, under a Bring Your Own Device (BYOD) policy, to organization resources, such as on-premises systems or cloud-based platforms. By leveraging this access, the subject exfiltrates sensitive or confidential data. This unauthorized data transfer can occur through various means, including copying files to the personal device, sending data via email, or using cloud storage services.

ME004.001 - AirDrop

A subject can leverage Apple's native peer-to-peer file sharing protocol, AirDrop, to transfer files directly to nearby personal devices over Bluetooth and Wi-Fi Direct. AirDrop operates on both macOS and iOS, and functions entirely outside routed enterprise networks, bypassing traditional firewall, proxy, or DLP controls.

AirDrop sessions are proximity-based, require no shared credentials, and are often enabled by default. When used from a corporate-managed Apple device, AirDrop creates a covert and rapid pathway for off-network data transfer, even when connected to a corporate VPN or secured wireless configuration. Its convenience, invisibility to traditional network monitoring, and inconsistent endpoint logging make it especially attractive to subjects acting opportunistically or preparing for staged exfiltration.

ME004.002 - Android Peer-to-Peer Storage

A subject can exploit Android-based peer-to-peer file sharing technologies - most notably Quick Share (on Samsung and Google devices) and Nearby Share (across Android platforms) - to wirelessly transfer files between devices using Bluetooth, Wi-Fi Direct, or ad hoc wireless links. These protocols operate entirely outside routed enterprise networks, bypassing traditional firewall, inspection, and DLP enforcement.

Quick Share now extends beyond Android phones and tablets to support file sharing with Windows devices, including personal laptops not under enterprise management. This creates a seamless, low-friction transfer pathway between corporate mobile endpoints and uncontrolled personal systems — particularly dangerous in BYOD or loosely governed device environments.

As with Apple AirDrop, these tools expand the subject’s capacity to exfiltrate data outside monitored channels, often with minimal visibility or user prompts. They are especially useful to subjects working in shared or home environments, where proximity to personal devices is routine and trusted by default.