How to Protect Your Business from the Threat of Unmanaged Devices

• By David Ramel
• 04/30/2026

Security teams have spent years hardening the corporate endpoint. Managed laptops are patched, monitored, encrypted, and tied to compliance policies before they are trusted with sensitive data. But work no longer happens only on fully managed devices. Contractors, partners, frontline workers, personal machines, temporary access scenarios, and bring-your-own-device realities have all expanded the number of moments when business data is touched from systems IT cannot fully see or govern.

That shift has turned unmanaged devices into one of the most persistent security blind spots in modern environments. It is easy to understand why. Traditional device management works best when the organization owns the endpoint and can enforce a full stack of controls. Unmanaged devices are different: the challenge is not just blocking access, but deciding how to allow productive work while still reducing the chances of data leakage, risky downloads, session hijacking, or unauthorized persistence. Microsoft's security stack has increasingly moved toward that middle ground, with technologies such as MAM for Windows and session controls in Defender for Cloud Apps and Edge for Business giving organizations more ways to protect access without requiring full device enrollment.

That balance between usability and control is the focus of "How to Protect Your Business from the Threat of Unmanaged Devices", presented on August 5 from 2:30 p.m. to 3:45 p.m. at TechMentor & CyberSecurity Live! @ Microsoft HQ in Redmond, Wash. The intermediate-level session starts from a problem many attendees will recognize immediately: organizations have invested heavily in securing their managed endpoints, yet unmanaged devices still have pathways into business apps and data—and ignoring them leaves the organization exposed.

Myron Helgering will break that problem down into practical categories by identifying the different user groups that operate from unmanaged devices and then walking through ways to combine controls that actually fit those scenarios. The session description points to a toolkit that includes MAM for Windows, session policies, MTD connectors, Edge for Business, in-browser protection, and related capabilities. In other words, this is not just a warning about unmanaged-device risk; it is a blueprint for building a workable response.

That practical angle matters. Too often, unmanaged-device conversations collapse into absolutes: either block everything or accept the risk. Real environments are rarely that simple. Some users need lightweight access. Some need app-level protections. Some need browser isolation and restrictions on cut, copy, paste, print, or download behaviors. Others require stronger identity checks and conditional access patterns tied to context. A useful strategy depends on understanding which controls belong in which scenarios—and how to combine them without creating so much friction that users route around them.

Helgering appears especially well positioned to guide that discussion. His speaker profile identifies him as a Microsoft MVP and Solution Lead Security at Pink Elephant, with a focus on building Microsoft-based security products and services that make work environments safer and keep them safe over time. That hands-on orientation fits the session's promise: attendees will not just hear why unmanaged devices are risky, but learn methods they can apply to protect their own environments against data leakage, unauthorized access, and broader cyber threats.

For security leaders and practitioners trying to close one of the most stubborn gaps in modern access strategy, this session looks like a timely addition to the week's agenda. As organizations keep extending work beyond traditional managed endpoints, unmanaged-device protection is no longer a side issue. It is a core part of how businesses defend data where work actually happens.