this post was submitted on 06 Feb 2025
16 points (100.0% liked)

Privacy

6 readers
8 users here now

Everything about privacy (the confidentiality pillar of security) -- but not restricted to infosec. Offline privacy is also relevant here.

founded 1 year ago
MODERATORS
ciferecaNinjo@fedia.io
16
Just a reminder, especially in this wild time we live in. DO NOT INSTALL WORK MDM ON YOUR PERSONAL DEVICE. (kzoo.to)
submitted 1 month ago by notsle@kzoo.to to c/privacy@fedia.io
44 comments fedilink hide all child comments
 

Just a reminder, especially in this wild time we live in. DO NOT INSTALL WORK MDM ON YOUR PERSONAL DEVICE.
If your work requires Microsoft Intune or similar MDM, to get email/teams/slack. don't accept it. It opens your device up for them to access private data and disable/delete your phone (even if they say they wont, they can)

https://blog.cdemi.io/never-accept-an-mdm-policy-on-your-personal-phone/

#privacy #android #iphone #work #email #outlook #microsoft

you are viewing a single comment's thread
view the rest of the comments
[–] notsle@kzoo.to 1 points 1 month ago (2 children)

@tzudad@mastodon.social I know the permission the Microsoft profile requests gives them( Microsoft) much more access than that. I belive they then reduce its capabilities in endpoint(intune) but the permissions are still given. At least in iOS.

Here are screenshots for iOS when setting up intune. It’s about trusting Microsoft and your company.

I believe even connecting to exchange gives the ability to delete your phone from the server. But it’s been years since I checked that.

image/png
image/png

[–] tzudad@mastodon.social 1 points 1 month ago (1 children)

@notsle@kzoo.to Those settings look closer to a corporate device to me. I'm the original IT guy in my company and created our M365 organization. I don't think some of those abilities being available when I configured our environment for personal devices in 2018.
We can only see and reset M365 apps when they are signed in with a company account. We do not see personal apps or data. I'll never allow that horrible sh*t on the personal devices of our people. Corporate devices are very different.

[–] notsle@kzoo.to 1 points 1 month ago (1 children)

@tzudad@mastodon.social those are screenshots taken on my personal device when I went through the steps to install intune like my work wants. I had no intention of finishing it. Just wanted to see if anything has changed from previous employers.

[–] tzudad@mastodon.social 1 points 1 month ago

@notsle@kzoo.to Your company's IT has some really invasive settings. Are you handling sensitive data? If I had to do that, I'd buy a garbage phone with a prepaid SIM and not put anything but their stuff on it. 2 phones sucks, but privacy is your right on your device.

[–] jernej__s@infosec.exchange 1 points 1 month ago

@notsle@kzoo.to @tzudad@mastodon.social Connecting to Exchange with the phone manufacturer's pre-installed mail app usually gives the ability to remotely wipe the device; if you use a 3rd party app, only the profile in that app can be deleted.