Evaluate and define allowed devices. Does the device have built-in encryption? Can jailbreaking/rooting be detected or prevented? Can passwords be enforced? Does the device allow management? Can it support Exchange ActiveSync policies? Are there available apps that offer the kind of productivity your customer needs? Does it allow for in-house apps?

Refine network accessibility. If they don’t already have one, you could help them set up a guest wireless network, walled off from the internal network. This will also serve as the enrollment network for employee-owned mobile devices. Once a device is enrolled, it should be automatically evaluated and assigned privileges and restrictions accordingly.

Determine appropriate management policies. How will your customers apply privilege and restriction policies to BYOD? Start by helping them define policy-based management by relying on previously organized directories (like Active Directory) and base policies on these groupings. Help them set up an umbrella security policy that includes automatic remediation when devices fall out of compliance and establish a centrally administered document repository to deter employees from using services like iCloud or Dropbox.

Create an employee agreement. There is a certain trade-off between privacy and control. Your customers’ employees need to realize that accessing corporate information means ceding a certain amount of control over the device’s settings. At the same time, your customers need to understand that management no longer means total control, at the sacrifice of productivity. Either way, it’s important both parties agree.

Choose the right EMM solution. The most important consideration in evaluating automated management tools is not a feature set comparison; it’s whether or not the tool supports your customers’ policies and agreed upon devices. Start with your customers’ challenges and then figure out how to best address them with software.