Remote management of employees personal cell phones ...
-
@scottalanmiller said in Remote management of employees personal cell phones ...:
@BraswellJay said in Remote management of employees personal cell phones ...:
Our management team has decided that they want to end company issued cell phones and instead provide a monthly stipend for work use of personal phones. As part of that they want to to be able to protect company data on personal phones. Basically they want to wipe company data if the employee leaves the company.
Let's reword this...
Basically they said...
"We want to stop having the right to wipe devices and protect our data."
And then they said "We want to get back the thing we just gave up."
Which do they want, to not pay for the phones, or to control the data? They have to choose.
This was pretty much my thoughts as well so glad to see I'm not out in left field in thinking that way.
I had objected to the whole notion and told them that I wouldn't want to allow the company to control my personal phone and I doubted other employees did either.
But then one of the managers has a brother whose company has some control over his personal phone so I thought maybe the practice was more widespread than I had thought.
-
@BraswellJay said in Remote management of employees personal cell phones ...:
@scottalanmiller said in Remote management of employees personal cell phones ...:
@BraswellJay said in Remote management of employees personal cell phones ...:
Our management team has decided that they want to end company issued cell phones and instead provide a monthly stipend for work use of personal phones. As part of that they want to to be able to protect company data on personal phones. Basically they want to wipe company data if the employee leaves the company.
Let's reword this...
Basically they said...
"We want to stop having the right to wipe devices and protect our data."
And then they said "We want to get back the thing we just gave up."
Which do they want, to not pay for the phones, or to control the data? They have to choose.
This was pretty much my thoughts as well so glad to see I'm not out in left field in thinking that way.
I had objected to the whole notion and told them that I wouldn't want to allow the company to control my personal phone and I doubted other employees did either.
But then one of the managers has a brother whose company has some control over his personal phone so I thought maybe the practice was more widespread than I had thought.
Many employees feel trapped. They don't feel they can say no without being fired. or they simply don't care/don't think about (oh that's the same thing).
-
While I agree with all the arguments above, it is also true that there are things like selective wipe possible. But as stated it comes down to how much you wanna pay for the product to do something like that. As an employee I would be perfectly comfortable with allowing control of my device to a limited sandbox like that.
Of course she wants to have to trust your employer when they say that’s all they can do with the solution they are using.
-
@NDC said in Remote management of employees personal cell phones ...:
I believe some devices/MDM setups allow you to create an isolated space on an employee owned device. You then control that isolated space not the whole device. When the employee leaves that controlled bit can be removed without wiping the device.
No idea how effective/reliable/manageable any of that is since I've not implemented or supported that style of MDM setup. Only done full company owned devices myself.
Yeah this is how Intune works with BYOD. It just manages and controls the company aspect.
-
@BraswellJay said in Remote management of employees personal cell phones ...:
But then one of the managers has a brother whose company has some control over his personal phone so I thought maybe the practice was more widespread than I had thought.
Directly stealing from employees is actually common. In the US, employees are so scared and have so little protections from alternative retributions for sticking up for their "rights" that they often effectively have none.
-
@scottalanmiller said in Remote management of employees personal cell phones ...:
@BraswellJay said in Remote management of employees personal cell phones ...:
But then one of the managers has a brother whose company has some control over his personal phone so I thought maybe the practice was more widespread than I had thought.
Directly stealing from employees is actually common. In the US, employees are so scared and have so little protections from alternative retributions for sticking up for their "rights" that they often effectively have none.
This is true in Canada too. Labour law does not help you unless you are prepared to get fired and take legal action.
-
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
-
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
-
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
-
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
-
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
But it is always this case with us, the difference of taking snaphot or deleing the whole VM is just button, that is why we have all those stress related issues
-
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
This is how you do it - from MS link I posted earlier
"Enable your users to more securely access corporate information using the Office mobile and line-of business apps they know, while ensuring security of data by helping to restrict actions like copy, cut, paste, and save as, to only those apps managed by Intune."
If you restrict actions like copy, cut, paste, saving, screenshots, etc then you keep the data inside Office Mobile. Then you just remove the Office Mobile app remotely.
-
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
This is how you do it - from MS link I posted earlier
"Enable your users to more securely access corporate information using the Office mobile and line-of business apps they know, while ensuring security of data by helping to restrict actions like copy, cut, paste, and save as, to only those apps managed by Intune."
If you restrict actions like copy, cut, paste, saving, screenshots, etc then you keep the data inside Office Mobile. Then you just remove the Office Mobile app remotely.
Are you able to enable remote removal of the app with just this feature?
-
@Emad-R said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
But it is always this case with us, the difference of taking snaphot or deleing the whole VM is just button, that is why we have all those stress related issues
If companies were interested in investing in proper pipelines for our work, it would make our lives much less stressful.
-
@flaxking said in Remote management of employees personal cell phones ...:
@Emad-R said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
But it is always this case with us, the difference of taking snaphot or deleing the whole VM is just button, that is why we have all those stress related issues
If companies were interested in investing in proper pipelines for our work, it would make our lives much less stressful.
This is not entirely the company being cheap... but also employees not wanting to carry around multiple devices - i.e. no personal data on company phone.
-
@Dashrender said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@Emad-R said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
But it is always this case with us, the difference of taking snaphot or deleing the whole VM is just button, that is why we have all those stress related issues
If companies were interested in investing in proper pipelines for our work, it would make our lives much less stressful.
This is not entirely the company being cheap... but also employees not wanting to carry around multiple devices - i.e. no personal data on company phone.
I think we had spun off into production changes having a lot of potential for user error here.
-
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
This is how you do it - from MS link I posted earlier
"Enable your users to more securely access corporate information using the Office mobile and line-of business apps they know, while ensuring security of data by helping to restrict actions like copy, cut, paste, and save as, to only those apps managed by Intune."
If you restrict actions like copy, cut, paste, saving, screenshots, etc then you keep the data inside Office Mobile. Then you just remove the Office Mobile app remotely.
Are you able to enable remote removal of the app with just this feature?
You actually dont even have to do that. If they cannot login they cannot get to any of the data.
-
@JaredBusch said in Remote management of employees personal cell phones ...:
While I agree with all the arguments above, it is also true that there are things like selective wipe possible. But as stated it comes down to how much you wanna pay for the product to do something like that. As an employee I would be perfectly comfortable with allowing control of my device to a limited sandbox like that.
Of course she wants to have to trust your employer when they say that’s all they can do with the solution they are using.
Well guess what I will just get the cheapest smartphone like Nokia 2.1 and that is my "personal" work phone, I think this is the only way to manage that kinda of crap, Im sure managment will be happy and this is what they want, for employees to PurchaseYOD, which is fine I will handing them a frekn 512mb RAM android phone, let us see what kind of app will be installed there ? hell it will crash every 10 seconds
maybe this
or this
What a freekn shame, i cant beleive I had more freedom in my previous workplace than I have in Canada, and I lived in what you guys call third word developing countries, hell we even made more progress, where I work now everything is blocked, even SSH to other servers that is not company servers are blocked, that mentality is so stupid, and basically tells you we dont trust you. YOu should worry on hiring good people and thats it. Why do you do all the refernces check, and job checks then limit your employees and constantly monitor them ?
If it wasnt for certain family conditions I would go back
-
We had looked into a few MDM options a couple of years back and the citrix one (XenMobile IIRC) basically put all of the corporate data into an isolated "bubble" that the company could wipe without touching the personal data on the device, either on corp or BYOD.
-
@Emad-R said in Remote management of employees personal cell phones ...:
@JaredBusch said in Remote management of employees personal cell phones ...:
While I agree with all the arguments above, it is also true that there are things like selective wipe possible. But as stated it comes down to how much you wanna pay for the product to do something like that. As an employee I would be perfectly comfortable with allowing control of my device to a limited sandbox like that.
Of course she wants to have to trust your employer when they say that’s all they can do with the solution they are using.
Well guess what I will just get the cheapest smartphone like Nokia 2.1 and that is my "personal" work phone, I think this is the only way to manage that kinda of crap, Im sure managment will be happy and this is what they want, for employees to PurchaseYOD, which is fine I will handing them a frekn 512mb RAM android phone, let us see what kind of app will be installed there ? hell it will crash every 10 seconds
maybe this
or this
What a freekn shame, i cant beleive I had more freedom in my previous workplace than I have in Canada, and I lived in what you guys call third word developing countries, hell we even made more progress, where I work now everything is blocked, even SSH to other servers that is not company servers are blocked, that mentality is so stupid, and basically tells you we dont trust you. YOu should worry on hiring good people and thats it. Why do you do all the refernces check, and job checks then limit your employees and constantly monitor them ?
If it wasnt for certain family conditions I would go back
We did warn you, didn't we?