ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Remote management of employees personal cell phones ...

    Scheduled Pinned Locked Moved IT Discussion
    byodremote management
    43 Posts 15 Posters 4.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      BraswellJay @scottalanmiller
      last edited by

      @scottalanmiller said in Remote management of employees personal cell phones ...:

      @BraswellJay said in Remote management of employees personal cell phones ...:

      Our management team has decided that they want to end company issued cell phones and instead provide a monthly stipend for work use of personal phones. As part of that they want to to be able to protect company data on personal phones. Basically they want to wipe company data if the employee leaves the company.

      Let's reword this...

      Basically they said...

      "We want to stop having the right to wipe devices and protect our data."

      And then they said "We want to get back the thing we just gave up."

      Which do they want, to not pay for the phones, or to control the data? They have to choose.

      This was pretty much my thoughts as well so glad to see I'm not out in left field in thinking that way.

      I had objected to the whole notion and told them that I wouldn't want to allow the company to control my personal phone and I doubted other employees did either.

      But then one of the managers has a brother whose company has some control over his personal phone so I thought maybe the practice was more widespread than I had thought.

      DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
      • DashrenderD
        Dashrender @BraswellJay
        last edited by

        @BraswellJay said in Remote management of employees personal cell phones ...:

        @scottalanmiller said in Remote management of employees personal cell phones ...:

        @BraswellJay said in Remote management of employees personal cell phones ...:

        Our management team has decided that they want to end company issued cell phones and instead provide a monthly stipend for work use of personal phones. As part of that they want to to be able to protect company data on personal phones. Basically they want to wipe company data if the employee leaves the company.

        Let's reword this...

        Basically they said...

        "We want to stop having the right to wipe devices and protect our data."

        And then they said "We want to get back the thing we just gave up."

        Which do they want, to not pay for the phones, or to control the data? They have to choose.

        This was pretty much my thoughts as well so glad to see I'm not out in left field in thinking that way.

        I had objected to the whole notion and told them that I wouldn't want to allow the company to control my personal phone and I doubted other employees did either.

        But then one of the managers has a brother whose company has some control over his personal phone so I thought maybe the practice was more widespread than I had thought.

        Many employees feel trapped. They don't feel they can say no without being fired. or they simply don't care/don't think about (oh that's the same thing).

        1 Reply Last reply Reply Quote 1
        • JaredBuschJ
          JaredBusch
          last edited by JaredBusch

          While I agree with all the arguments above, it is also true that there are things like selective wipe possible. But as stated it comes down to how much you wanna pay for the product to do something like that. As an employee I would be perfectly comfortable with allowing control of my device to a limited sandbox like that.

          Of course she wants to have to trust your employer when they say that’s all they can do with the solution they are using.

          Emad RE 1 Reply Last reply Reply Quote 1
          • ObsolesceO
            Obsolesce @NDC
            last edited by Obsolesce

            @NDC said in Remote management of employees personal cell phones ...:

            I believe some devices/MDM setups allow you to create an isolated space on an employee owned device. You then control that isolated space not the whole device. When the employee leaves that controlled bit can be removed without wiping the device.

            No idea how effective/reliable/manageable any of that is since I've not implemented or supported that style of MDM setup. Only done full company owned devices myself.

            Yeah this is how Intune works with BYOD. It just manages and controls the company aspect.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @BraswellJay
              last edited by

              @BraswellJay said in Remote management of employees personal cell phones ...:

              But then one of the managers has a brother whose company has some control over his personal phone so I thought maybe the practice was more widespread than I had thought.

              Directly stealing from employees is actually common. In the US, employees are so scared and have so little protections from alternative retributions for sticking up for their "rights" that they often effectively have none.

              F 1 Reply Last reply Reply Quote 2
              • F
                flaxking @scottalanmiller
                last edited by

                @scottalanmiller said in Remote management of employees personal cell phones ...:

                @BraswellJay said in Remote management of employees personal cell phones ...:

                But then one of the managers has a brother whose company has some control over his personal phone so I thought maybe the practice was more widespread than I had thought.

                Directly stealing from employees is actually common. In the US, employees are so scared and have so little protections from alternative retributions for sticking up for their "rights" that they often effectively have none.

                This is true in Canada too. Labour law does not help you unless you are prepared to get fired and take legal action.

                1 Reply Last reply Reply Quote 0
                • IRJI
                  IRJ
                  last edited by

                  You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.

                  F 1 Reply Last reply Reply Quote 0
                  • F
                    flaxking @IRJ
                    last edited by

                    @IRJ said in Remote management of employees personal cell phones ...:

                    You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.

                    With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?

                    IRJI 1 Reply Last reply Reply Quote 0
                    • IRJI
                      IRJ @flaxking
                      last edited by

                      @flaxking said in Remote management of employees personal cell phones ...:

                      @IRJ said in Remote management of employees personal cell phones ...:

                      You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.

                      With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?

                      I'm pretty sure you can do what I described, but I'm not 100% sure.

                      https://support.office.com/en-us/article/Choose-between-MDM-for-Office-365-and-Microsoft-Intune-c93d9ab9-efb2-4349-9b93-30c30562ee22

                      F 1 Reply Last reply Reply Quote 0
                      • F
                        flaxking @IRJ
                        last edited by

                        @IRJ said in Remote management of employees personal cell phones ...:

                        @flaxking said in Remote management of employees personal cell phones ...:

                        @IRJ said in Remote management of employees personal cell phones ...:

                        You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.

                        With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?

                        I'm pretty sure you can do what I described, but I'm not 100% sure.

                        https://support.office.com/en-us/article/Choose-between-MDM-for-Office-365-and-Microsoft-Intune-c93d9ab9-efb2-4349-9b93-30c30562ee22

                        It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.

                        Emad RE IRJI 2 Replies Last reply Reply Quote 1
                        • Emad RE
                          Emad R @flaxking
                          last edited by

                          @flaxking said in Remote management of employees personal cell phones ...:

                          @IRJ said in Remote management of employees personal cell phones ...:

                          @flaxking said in Remote management of employees personal cell phones ...:

                          @IRJ said in Remote management of employees personal cell phones ...:

                          You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.

                          With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?

                          I'm pretty sure you can do what I described, but I'm not 100% sure.

                          https://support.office.com/en-us/article/Choose-between-MDM-for-Office-365-and-Microsoft-Intune-c93d9ab9-efb2-4349-9b93-30c30562ee22

                          It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.

                          But it is always this case with us, the difference of taking snaphot or deleing the whole VM is just button, that is why we have all those stress related issues

                          F 1 Reply Last reply Reply Quote 0
                          • IRJI
                            IRJ @flaxking
                            last edited by IRJ

                            @flaxking said in Remote management of employees personal cell phones ...:

                            @IRJ said in Remote management of employees personal cell phones ...:

                            @flaxking said in Remote management of employees personal cell phones ...:

                            @IRJ said in Remote management of employees personal cell phones ...:

                            You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.

                            With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?

                            I'm pretty sure you can do what I described, but I'm not 100% sure.

                            https://support.office.com/en-us/article/Choose-between-MDM-for-Office-365-and-Microsoft-Intune-c93d9ab9-efb2-4349-9b93-30c30562ee22

                            It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.

                            This is how you do it - from MS link I posted earlier

                            "Enable your users to more securely access corporate information using the Office mobile and line-of business apps they know, while ensuring security of data by helping to restrict actions like copy, cut, paste, and save as, to only those apps managed by Intune."

                            If you restrict actions like copy, cut, paste, saving, screenshots, etc then you keep the data inside Office Mobile. Then you just remove the Office Mobile app remotely.

                            F 1 Reply Last reply Reply Quote 0
                            • F
                              flaxking @IRJ
                              last edited by

                              @IRJ said in Remote management of employees personal cell phones ...:

                              @flaxking said in Remote management of employees personal cell phones ...:

                              @IRJ said in Remote management of employees personal cell phones ...:

                              @flaxking said in Remote management of employees personal cell phones ...:

                              @IRJ said in Remote management of employees personal cell phones ...:

                              You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.

                              With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?

                              I'm pretty sure you can do what I described, but I'm not 100% sure.

                              https://support.office.com/en-us/article/Choose-between-MDM-for-Office-365-and-Microsoft-Intune-c93d9ab9-efb2-4349-9b93-30c30562ee22

                              It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.

                              This is how you do it - from MS link I posted earlier

                              "Enable your users to more securely access corporate information using the Office mobile and line-of business apps they know, while ensuring security of data by helping to restrict actions like copy, cut, paste, and save as, to only those apps managed by Intune."

                              If you restrict actions like copy, cut, paste, saving, screenshots, etc then you keep the data inside Office Mobile. Then you just remove the Office Mobile app remotely.

                              Are you able to enable remote removal of the app with just this feature?

                              IRJI 1 Reply Last reply Reply Quote 0
                              • F
                                flaxking @Emad R
                                last edited by

                                @Emad-R said in Remote management of employees personal cell phones ...:

                                @flaxking said in Remote management of employees personal cell phones ...:

                                @IRJ said in Remote management of employees personal cell phones ...:

                                @flaxking said in Remote management of employees personal cell phones ...:

                                @IRJ said in Remote management of employees personal cell phones ...:

                                You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.

                                With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?

                                I'm pretty sure you can do what I described, but I'm not 100% sure.

                                https://support.office.com/en-us/article/Choose-between-MDM-for-Office-365-and-Microsoft-Intune-c93d9ab9-efb2-4349-9b93-30c30562ee22

                                It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.

                                But it is always this case with us, the difference of taking snaphot or deleing the whole VM is just button, that is why we have all those stress related issues

                                If companies were interested in investing in proper pipelines for our work, it would make our lives much less stressful.

                                DashrenderD 1 Reply Last reply Reply Quote 1
                                • DashrenderD
                                  Dashrender @flaxking
                                  last edited by

                                  @flaxking said in Remote management of employees personal cell phones ...:

                                  @Emad-R said in Remote management of employees personal cell phones ...:

                                  @flaxking said in Remote management of employees personal cell phones ...:

                                  @IRJ said in Remote management of employees personal cell phones ...:

                                  @flaxking said in Remote management of employees personal cell phones ...:

                                  @IRJ said in Remote management of employees personal cell phones ...:

                                  You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.

                                  With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?

                                  I'm pretty sure you can do what I described, but I'm not 100% sure.

                                  https://support.office.com/en-us/article/Choose-between-MDM-for-Office-365-and-Microsoft-Intune-c93d9ab9-efb2-4349-9b93-30c30562ee22

                                  It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.

                                  But it is always this case with us, the difference of taking snaphot or deleing the whole VM is just button, that is why we have all those stress related issues

                                  If companies were interested in investing in proper pipelines for our work, it would make our lives much less stressful.

                                  This is not entirely the company being cheap... but also employees not wanting to carry around multiple devices - i.e. no personal data on company phone.

                                  F 1 Reply Last reply Reply Quote 0
                                  • F
                                    flaxking @Dashrender
                                    last edited by

                                    @Dashrender said in Remote management of employees personal cell phones ...:

                                    @flaxking said in Remote management of employees personal cell phones ...:

                                    @Emad-R said in Remote management of employees personal cell phones ...:

                                    @flaxking said in Remote management of employees personal cell phones ...:

                                    @IRJ said in Remote management of employees personal cell phones ...:

                                    @flaxking said in Remote management of employees personal cell phones ...:

                                    @IRJ said in Remote management of employees personal cell phones ...:

                                    You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.

                                    With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?

                                    I'm pretty sure you can do what I described, but I'm not 100% sure.

                                    https://support.office.com/en-us/article/Choose-between-MDM-for-Office-365-and-Microsoft-Intune-c93d9ab9-efb2-4349-9b93-30c30562ee22

                                    It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.

                                    But it is always this case with us, the difference of taking snaphot or deleing the whole VM is just button, that is why we have all those stress related issues

                                    If companies were interested in investing in proper pipelines for our work, it would make our lives much less stressful.

                                    This is not entirely the company being cheap... but also employees not wanting to carry around multiple devices - i.e. no personal data on company phone.

                                    I think we had spun off into production changes having a lot of potential for user error here.

                                    1 Reply Last reply Reply Quote 0
                                    • IRJI
                                      IRJ @flaxking
                                      last edited by

                                      @flaxking said in Remote management of employees personal cell phones ...:

                                      @IRJ said in Remote management of employees personal cell phones ...:

                                      @flaxking said in Remote management of employees personal cell phones ...:

                                      @IRJ said in Remote management of employees personal cell phones ...:

                                      @flaxking said in Remote management of employees personal cell phones ...:

                                      @IRJ said in Remote management of employees personal cell phones ...:

                                      You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.

                                      With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?

                                      I'm pretty sure you can do what I described, but I'm not 100% sure.

                                      https://support.office.com/en-us/article/Choose-between-MDM-for-Office-365-and-Microsoft-Intune-c93d9ab9-efb2-4349-9b93-30c30562ee22

                                      It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.

                                      This is how you do it - from MS link I posted earlier

                                      "Enable your users to more securely access corporate information using the Office mobile and line-of business apps they know, while ensuring security of data by helping to restrict actions like copy, cut, paste, and save as, to only those apps managed by Intune."

                                      If you restrict actions like copy, cut, paste, saving, screenshots, etc then you keep the data inside Office Mobile. Then you just remove the Office Mobile app remotely.

                                      Are you able to enable remote removal of the app with just this feature?

                                      You actually dont even have to do that. If they cannot login they cannot get to any of the data.

                                      F 1 Reply Last reply Reply Quote 0
                                      • Emad RE
                                        Emad R @JaredBusch
                                        last edited by Emad R

                                        @JaredBusch said in Remote management of employees personal cell phones ...:

                                        While I agree with all the arguments above, it is also true that there are things like selective wipe possible. But as stated it comes down to how much you wanna pay for the product to do something like that. As an employee I would be perfectly comfortable with allowing control of my device to a limited sandbox like that.

                                        Of course she wants to have to trust your employer when they say that’s all they can do with the solution they are using.

                                        Well guess what I will just get the cheapest smartphone like Nokia 2.1 and that is my "personal" work phone, I think this is the only way to manage that kinda of crap, Im sure managment will be happy and this is what they want, for employees to PurchaseYOD, which is fine I will handing them a frekn 512mb RAM android phone, let us see what kind of app will be installed there ? hell it will crash every 10 seconds

                                        maybe this

                                        4edbce8c-ee6c-4937-aff9-4010b618c2f0-image.png

                                        or this

                                        https://www.amazon.ca/❤Unlocked-Smartphone-Screen-Android-Dual-Core/dp/B07RKMS7BZ/ref=sr_1_5?keywords=cheapest+android+phone&qid=1573852976&sr=8-5

                                        What a freekn shame, i cant beleive I had more freedom in my previous workplace than I have in Canada, and I lived in what you guys call third word developing countries, hell we even made more progress, where I work now everything is blocked, even SSH to other servers that is not company servers are blocked, that mentality is so stupid, and basically tells you we dont trust you. YOu should worry on hiring good people and thats it. Why do you do all the refernces check, and job checks then limit your employees and constantly monitor them ?

                                        If it wasnt for certain family conditions I would go back

                                        travisdh1T ObsolesceO DashrenderD 3 Replies Last reply Reply Quote 0
                                        • notverypunnyN
                                          notverypunny
                                          last edited by

                                          We had looked into a few MDM options a couple of years back and the citrix one (XenMobile IIRC) basically put all of the corporate data into an isolated "bubble" that the company could wipe without touching the personal data on the device, either on corp or BYOD.

                                          1 Reply Last reply Reply Quote 0
                                          • travisdh1T
                                            travisdh1 @Emad R
                                            last edited by

                                            @Emad-R said in Remote management of employees personal cell phones ...:

                                            @JaredBusch said in Remote management of employees personal cell phones ...:

                                            While I agree with all the arguments above, it is also true that there are things like selective wipe possible. But as stated it comes down to how much you wanna pay for the product to do something like that. As an employee I would be perfectly comfortable with allowing control of my device to a limited sandbox like that.

                                            Of course she wants to have to trust your employer when they say that’s all they can do with the solution they are using.

                                            Well guess what I will just get the cheapest smartphone like Nokia 2.1 and that is my "personal" work phone, I think this is the only way to manage that kinda of crap, Im sure managment will be happy and this is what they want, for employees to PurchaseYOD, which is fine I will handing them a frekn 512mb RAM android phone, let us see what kind of app will be installed there ? hell it will crash every 10 seconds

                                            maybe this

                                            4edbce8c-ee6c-4937-aff9-4010b618c2f0-image.png

                                            or this

                                            https://www.amazon.ca/❤Unlocked-Smartphone-Screen-Android-Dual-Core/dp/B07RKMS7BZ/ref=sr_1_5?keywords=cheapest+android+phone&qid=1573852976&sr=8-5

                                            What a freekn shame, i cant beleive I had more freedom in my previous workplace than I have in Canada, and I lived in what you guys call third word developing countries, hell we even made more progress, where I work now everything is blocked, even SSH to other servers that is not company servers are blocked, that mentality is so stupid, and basically tells you we dont trust you. YOu should worry on hiring good people and thats it. Why do you do all the refernces check, and job checks then limit your employees and constantly monitor them ?

                                            If it wasnt for certain family conditions I would go back

                                            We did warn you, didn't we?

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 2 / 3
                                            • First post
                                              Last post