Yeah, you’re talking about MDM (Mobile Device Management) solutions/tech. I’m not an IT employee myself, but I am familiar with these things from work (similar situation as yours), and also because I’m a nerd and like researching these things.
On some phones, like Samsung’s (“Secure Folder”), you can have [essentially] a second, containerized instance of Android running. Or you can think of it like a virtual second user that ultimately you have control of. So what I did was install Outlook in that. Because the MDM permissions (e.g. wipe the phone) would only affect that container.
Otherwise, for everyone else – yeah don’t install work apps/accounts on your personal devices.
Just to expand on this. There is an Exchange specific wipe feature. I think it is quite old school and not really used. Have seen it, but never tested it myself. As per documentation it can perform device wipe, but only if native mail client using ActiveSync is used not Outlook. And it probably does not work with all native mail clients, depends if app has device admin permissions.
Current Intune MDM model always uses separate Android storage so any operation including wipe will affect only this storage not your personal space so employer can not see nor delete your personal data.
In Intune there is another option without a need of enrolling device (MDM) where you can manage supported apps. It’s called MAM. If wipe is initiated it affects only data in all apps that support MAM.
In short, companies / schools cannot really wipe your device if we are talking about Intune MDM. Other MDM solutions probably can.
My understanding is that it’s called work profile. It’s like having 2 users in the same phone. One is personal and you manage it. The other is company owned and you can only install apps whitelisted by your it admin.
why does my employer presume it can commandeer my personal property? the only sound policy is to never let work stuff touch personal computers and vice versa. The workplace is like a gas, if you give it the empty space it will keep expanding to fill it
where the hell did my property rights go once one of my PCs got a radio?
I’d love to keep outlook off my personal phone but there’s no chance I’m getting a company phone considering I’m a shop employee and everything in it is an afterthought for IT. Like our computers still run windows 7.
Unfortunately I need email to do my job, on a ping system for what to test and general communications with coworkers who are often not there or traveling in the field.
Yeah, you’re talking about MDM (Mobile Device Management) solutions/tech. I’m not an IT employee myself, but I am familiar with these things from work (similar situation as yours), and also because I’m a nerd and like researching these things.
On some phones, like Samsung’s (“Secure Folder”), you can have [essentially] a second, containerized instance of Android running. Or you can think of it like a virtual second user that ultimately you have control of. So what I did was install Outlook in that. Because the MDM permissions (e.g. wipe the phone) would only affect that container.
Otherwise, for everyone else – yeah don’t install work apps/accounts on your personal devices.
Just to expand on this. There is an Exchange specific wipe feature. I think it is quite old school and not really used. Have seen it, but never tested it myself. As per documentation it can perform device wipe, but only if native mail client using ActiveSync is used not Outlook. And it probably does not work with all native mail clients, depends if app has device admin permissions.
Current Intune MDM model always uses separate Android storage so any operation including wipe will affect only this storage not your personal space so employer can not see nor delete your personal data.
In Intune there is another option without a need of enrolling device (MDM) where you can manage supported apps. It’s called MAM. If wipe is initiated it affects only data in all apps that support MAM.
In short, companies / schools cannot really wipe your device if we are talking about Intune MDM. Other MDM solutions probably can.
Now, that’s a name I’ve not heard in a long time. A long time.
My understanding is that it’s called work profile. It’s like having 2 users in the same phone. One is personal and you manage it. The other is company owned and you can only install apps whitelisted by your it admin.
this is still objectionable
why does my employer presume it can commandeer my personal property? the only sound policy is to never let work stuff touch personal computers and vice versa. The workplace is like a gas, if you give it the empty space it will keep expanding to fill it
where the hell did my property rights go once one of my PCs got a radio?
I’d love to keep outlook off my personal phone but there’s no chance I’m getting a company phone considering I’m a shop employee and everything in it is an afterthought for IT. Like our computers still run windows 7.
Unfortunately I need email to do my job, on a ping system for what to test and general communications with coworkers who are often not there or traveling in the field.
That’s fair. I should have said *if you can help it.