Your organization uses an array of devices, from mobile phones to Jamboards. The security team has flagged an issue: confidential company data is being accessed from unauthorized external devices. You need to ensure that only company-authorized devices can access this data. What should be your primary step?