We have never, and will never, integrate someone's personal phone into our infrastructure. Everyone gets a company phone. If you want to use the company phone as your personal phone, or the phone you use to cheat on your husband, that's your call. Just don't complain to me when video of you pleasuring yourself ends up backed up to our cloud storage and discovered by IT when tracking down large files eating up storage. (Yes, that happened.)
My previous employer was acquired and the new owner required jumping through these kinds of hoops to use company email or Teams on our phones.
As an end result, everybody stopped using those on their phones. Once the laptop lid was shut, work wouldn't be bothering you until you open it the next day. Sometimes stupid things can lead to good outcomes.
If your employer expects you to access corporate resources or be available to respond / on-call out of hours, then they should issue you a corporate device to do so.
While it has not yet been enforced, my employer has an MDM. Because I do not want to violate this policy or install something that gives my employer access to my device, I do not use my personal device for work and I do not have a work device other than my laptop.
This has given me some interesting perspectives.
I do not need to be connected at all times.
I can walk away.
They pay me for work hours, not for my free time.
I can easily disconnect every night and weekend, even emergencies in my area can wait.
Seems people think things are much more urgent than they should be or actually are.
It depends how the MDM is implemented. If it allows locking and wiping the entire device, no. If it makes a sandbox for the work stuff, and it only grants them access to control, lock and wipe that sandbox, then I don't mind.
That's what we do for personal devices, corporate devices are fully managed/supervised.
SUPER depends on the platform. If you own an iOS device and enroll it in MDM through the settings app, MDM ONLY has access to whatever it puts on the device.
Setting aside the issue of whether this post is overstating the risk of MDM software on a personal phone, I had a tangentially related experience that might provide a tip for anyone who's in a similar situation.
I like to have the convenience of checking my work messages and chats on my personal phone, so I have Teams and Outlook installed and using my work account.
When I first went to sign in to my work account on Outlook, I got this message like "Outlook needs to run with administrator privileges in order to provide the necessary security for this account" and shunted me off to some system settings to approve the permissions. Big nope.
So I tried Outlook Lite, and it made no such demands and works perfectly. So for anyone else who's run into this, try Outlook Lite! I hope this helps somebody.
If you have work stuff on your personal device, any legal proceedings against the company might mean your personal device is taken as evidence, all of the data in it will get examined and you might only get it back years later.
So even if only for legal reasons, never have company stuff in a personal device, quite independently of there being some fancy tech or other to virtually partition it.
MDM, when configured properly, only gets a specific section of your phone that's separate from your personal use section, so they don't see your apps and personal data.
I’ve been using Google’s native MDM. I can’t do any of those on a personal device. The only thing I can do with a personal phone used for work is wipe the android for a work profile off of it.
If you’re using a company device, I cannot do any of that.
The only thing I can do is wipe the entire phone and that’s it.
TL;DR - never use company devices for personal materials. Create a separate, independent email strictly for work or your company email for all company devices, not your personal one.
I have a mobile device required for work, and my personal device.
No personal stuff goes on the work device. Photos, apps, logins, messaging, whatever. Zero. However, many of my colleagues use the device like, “Free mobile device, bro!” and load it up with everything they have on their personal device.
That is a horrible idea. The company device has its own cybersecurity app installed and managed by company servers that sees everything on your device, and should your device be used for something it shouldn’t, they don’t even have to take it from you to know what you did. They know when you did it, too. Watching movies or texting while driving? Reading a book or using social media while monitoring a system? If you crash the company car, or the system goes TU and they see you were fucking around with the company device instead of doing your job, you’re fucked. They see it all, it’s all regularly scanned, uploaded, screened, whatever. They just don’t bother to look unless they need to. Already had a couple people fired for illegal material on their devices.
This is the employer working around having to purchase and maintain a phone inventory for employees.
While we're on the topic, this also applies to laptop/desktop hardware for the work-from-home crowd.
In general it's a bad idea to use personal devices for work. Companies that don't give you a choice are being cheap and disrespecting of privacy at best, and want to spy into your personal life at worst. It's also really, really, really bad IT security for everyone involved.
But, in all honesty, no one is going to be looking at it unless there's a very good reason to. IT sure as hell doesn't have enough resources to monitor it.
MDM largely exists to remote wipe a lost or stolen phone.
Easy solution, use Linux. No extra permissions, no spying, and everything worked for me so far. Android has a neat feature for a separate work account. It used to be called "work account", but it's not there anymore and you have to use "secure folder", or whatever it is called now.