Just a reminder, especially in this wild time we live in. DO NOT INSTALL WORK MDM ON YOUR PERSONAL DEVICE.
If your work requires Microsoft Intune or similar MDM to get email/teams/slack, don’t accept it. It opens your device up for them to access private data and disable/delete your phone (even if they say they won’t, they can).
https://blog.cdemi.io/never-accept-an-mdm-policy-on-your-personal-phone/
#privacy #android #iphone #work #email #outlook #microsoft
@[email protected] @[email protected] I know back a while ago, Outlook on Android had the ability to wipe a device without MDM. A coworker accidentally wiped an ex-employee’s personal device trying to deauthorize it.
@[email protected] my employer recently refreshed phones and the new ones come with MDM installed by default. I carefully read the privacy policy and they explicitly say that in a justified case they’re allowed to read your private data and can lock/delete the phone if necessary. Nope, my private data won’t be on that device.
Nope, my private data won’t be on that device.
That’s exactly why we write those policies. To let people know not to put their private shit on the devices.
I never had to open up a phone yet to access any data, and I don’t expect I ever will. Even if I did, I’m not going to snoop around, I’m just going to get the data the company needs.
Yet, I still advise any new employee not to put their private shit on the device.
I have had to delete phones remotely though. Tough luck if your family photos are on it, not my problem.
@[email protected] Good advice. Never had, on any personal device.
When I was at S***, they wanted to do that so I can get work email and basically be available on-call after-hours.
I told them from manager up to SVP “give me a separate phone, or I’m not doing it”.
They never gave me a separate phone, and I wasn’t held to be available off-hours.
Really helped when I separated from company as nothing I had got arbitrarily remotely wiped.
Also saved things during the Crowdstrike event.
@[email protected] there are settings within Intune to only put in place control over the corporate apps, essentially containerizing that data and wiping only that data, without the ability to remote wipe the rest of the phone.
@[email protected] @[email protected] If your company requires access to your phone, then they owe you a phone.
@[email protected] one thing that surprised me about Intune MDM on a personal device is that your organization can reset/remove your passcode at will. I still can’t find anything in the docs nor enrollment process that would clearly explain this capability to the user.
@[email protected] I’m curious, but how would isolating this within an island suffice if one absolutely had to do it?
@[email protected] I have to install this on people’s devices as part of my job. I’m shocked at the number of people who would rather put this on their personal phone as opposed to carrying a second company-supplied phone. And yes, the option is presented.
@[email protected] This blog post is 7 years old and a lot has changed since then. The mentioned Android administrator profile is deprecated and replaced by a much more user-friendly version. If done right (aka competent IT, segregated profiles, dual SIM) there is nothing speaking against using a personal phone for company stuff. But: as an end user it’s very hard to know what they do in the first place. So I’d say be conscious, and if IT can show and prove what they are doing, you’re fine on Android.
@[email protected] Huge shout out to https://github.com/PeterCxy/Shelter instead
@[email protected] In my previous job, I worked with Intune MDM… Yeah we had several instances of someone on my team accidentally disabling or wiping employee-owned phones. I suspect this is more common than many would like to admit. After that experience, I’ll never allow an employer to have control over my personal device, even if it means I have to find a new job.
@[email protected] yeah. People are not infallible. Look at the stories of jealous cops using license plate scanner cameras to track an ex.
Or just a micromanaging boss wanting to know your location.
Sometimes it’s an intern hitting the wrong button.
@[email protected] This is highly dependent on the way MDM is implemented. If your company is implementing MDM to fully onboard your personal device, then yes, everything you said is correct. If however they are using a combination of (for Microsoft environments) App Restriction Policies and Conditional Access policy, then the company has no way to issue a wipe on your phone. App restriction policies place managed applications in a separate encrypted partition. The company can see company data, but nothing from your personal partition at all. Nor can they control your device, monitor any of the sensors, or track your location or contacts.
The vast majority of orgs just do the full blown MDM enrollments though because it’s far less work to implement and less complicated to manage.
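One way to tell which of those two setups a phone actually has, as an added example that is not from the thread or from Microsoft or Google: on Android, full enrollment shows up as a device owner in `adb shell dumpsys device_policy`, a work-profile (containerized) setup as a profile owner, and app-level-only protection as neither. The heading names and the sample dumps below are assumptions modelled on the Android DevicePolicyManagerService dump and vary between Android versions.

```shell
# Classify the management relationship an employer holds over an Android phone
# from `adb shell dumpsys device_policy` output. Added example, not from the thread.
# Assumption: the dump uses the "Device Owner" / "Profile Owner (User N)" headings;
# the exact layout differs by Android version, so check your own phone's output.
classify_device_policy() {
    # Reads the dump on stdin, prints one of: device-owner, work-profile, unmanaged.
    dump=$(cat)
    if printf '%s\n' "$dump" | grep -qE '^[[:space:]]*Device Owner'; then
        echo device-owner   # employer controls the whole phone: full wipe, passcode reset
    elif printf '%s\n' "$dump" | grep -qE '^[[:space:]]*Profile Owner'; then
        echo work-profile   # employer controls only the managed profile: wipe removes that profile
    else
        echo unmanaged      # no device/profile owner; app-level (MAM-only) policies may still apply
    fi
}

# Constructed sample dumps (abbreviated; package names are placeholders).
SAMPLE_DEVICE_OWNER='Current Device Policy Manager state:
  Device Owner:
    admin=ComponentInfo{com.example.dpc/com.example.dpc.AdminReceiver}
    package=com.example.dpc
    User ID: 0'

SAMPLE_WORK_PROFILE='Current Device Policy Manager state:
  Profile Owner (User 10):
    admin=ComponentInfo{com.example.dpc/com.example.dpc.AdminReceiver}
    package=com.example.dpc'

SAMPLE_UNMANAGED='Current Device Policy Manager state:
  Enabled Device Admins (User 0):
    (none)'

# On a real phone: adb shell dumpsys device_policy | classify_device_policy
printf '%s\n' "$SAMPLE_DEVICE_OWNER" | classify_device_policy
printf '%s\n' "$SAMPLE_WORK_PROFILE" | classify_device_policy
printf '%s\n' "$SAMPLE_UNMANAGED" | classify_device_policy
```

A legacy device-admin app (the deprecated mechanism mentioned further down) would appear under "Enabled Device Admins" rather than as an owner, so a result of unmanaged is not proof that nothing on the phone can wipe it.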
@[email protected] Company I worked for years ago decided to require this for any device that wanted access to Outlook. I put my foot down and said nope, my device: either gimme a phone or I just won’t have access to my work email nights and weekends. They stood firm; and it was nice to delete Outlook (I wasn’t there much longer, the writing was on the wall for what they were becoming and I left).
@[email protected] did the same at a previous job. I won’t install Teams on my phone.
@[email protected] This sounds like the sort of thing that certain staff have the ability to fight and other staff might lack the ability to fight.
#union #unions
@[email protected] @[email protected] I actually went through this with the IT at our current company when I enrolled. MDM is quite appropriate for us; we manage people’s money. I also have some experience in iOS device management.
As far as I know, these concerns are wildly exaggerated for iOS. It wasn’t true in 2018 when this was written (read further down to the comments) and it’s far less true now.
IME users are about 1000x more likely to be compromised by some free-to-play game or social network