I refuse to install any work related software on my phone. Not only because I don’t want to be contacted after hours, but companies often “require” full read/write access on your device, so they can remotely wipe their data if you quit or get fired.
Fuck that.
I’m with you there. My previous employer wanted a bunch of their shit on my phone. I asked if they were supplying me with a work phone, and they said no, you already have one. I said I do, and it’s mine, and I’m not putting anything on it for work because work and home are going to be two different things. They gave me a work phone and then wanted to know why I turned it off in the parking lot before I even got into my car. I’m done working for the day, sir.
My co-worker locked his in his desk drawer when he went home for the night.
No modern MDM solution allows a company to access your personal data on BYOD. That’s why containerization of work profiles exists. Anything else would be a massive privacy scandal.
Company-owned devices, though, do have that level of access when MDM enrolled.
Intune installs as a device administration. I’m not sure how much I’d trust that on my personal device, period.
That’s a fair point. Microsoft says that they don’t… but, not that they can’t. It’s especially tricky on iOS.
You’re talking about MDM in Intune which is only used on corporate owned devices. MAM is used for personal devices and does not have device administration access. It’s in the name - Mobile Application Management.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/intune-planning-guide#personal-devices-vs-organization-owned-devices
They can say what they like.
VERY few companies have been sued for being as big a bunch of lying dinks as Microsoft has.
We need to learn from this shit. Ads on login screens? Privacy issues? SolarWinds sploit letting Russian hackers get to the Windows source? How many more red flags are our security groups going to ignore?
I’d love to honestly believe that. But I still wouldn’t risk ever doing a BYOD with a company that forced me to install anything on my personal devices.
This is absolutely correct. Heck, you’re free to deny that based on any reasoning, maybe the shoddy icon of the work app doesn’t match your phone wallpaper.
The phone is your private property, if an employer requires an app to be installed to do your job, they can provide a phone.
I would also never let corporate IT manage a device, e.g. a laptop connected to my private network at home.
If you ever must, buy a new laptop. And use it on a guest wifi network. Use it as you would a work laptop, nothing personal on it.
No, have the company buy a laptop, and if necessary, also have them buy the hardware that allows for proper network separation, if not already available.
Just another thing to be aware of.
Not all companies will do that.
Surely not. But also many employees won’t even ask for it, and change will only happen if people care about it.
So first, raise awareness, and naturally, implement those things at any companies you manage or own.
I’m not saying quit your job and become homeless if your employer won’t cooperate with you on the issue. Everyone should think about how this could potentially affect them and what they can do within the constraints they operate in, though.
As someone else in this thread said, a separate (VLAN, guest) network for work devices, reasonable access rules etc. can go a long way. Eventually, I would like this to become unacceptable though.