An organization has implemented a Bring Your Own Device (BYOD) policy, allowing employees to use their personal mobile devices for work-related tasks. Aware of the varying legal ramifications and privacy concerns across different jurisdictions related to controlling personal devices, the organization seeks to enhance the security of these devices within the constraints of these legal and privacy issues. Considering this context, which of the following measures would be the MOST effective way to navigate these complexities while striving to secure employees' mobile devices under the BYOD policy?