Like most normal people I have no idea what PCI DSS requires. All I know is what the PCI compliance inquisitor says it says, or really what my risk management guy says the compliance guy says it says. And what’s the difference? If he says he says it says we have to have MDM on BYOD, it’s not like I’m going to write a first-principles rebuttal.
