Consider a scenario where you are required to specify security requirements for a mobile workforce using a mix of company-owned and personally-owned devices. Detail the comprehensive strategy you would adopt to ensure endpoint protection, hardening, and configuration management, considering the diversity of devices and potential threats.