Just transitioned from a Google + slack company to a Microsoft account company.
I asked if we put our email accounts on our phones to be able to answer after hours, my supervisor said very few people are given access to emails on their phones.
I am fine with the switch, I used to get 40-60 emails to sort through a day. Now I will be doing maybe 5-10 a day and only 3 or 4 might actually be for me and I only have an 8 hour day with no after hours meetings.
I’ve had a company require employees to install MDM on personal phones (remote control/management) to be allowed to use them for 2fa app or email access… there was a surprised Pikachu when I refused. Eventually they issued me a company phone, because it was impossible to do most tasks without 2fa. That device was on 9 to 5 only.
I work in IT and endpoint management is among my tasks. Knowing the things we can do to smartphones that are controlled by our mdm is enough to where I would never agree to having thatopn my personal device. I even refused to get a company provided smartphone.
I have an MDM on my work phone and I can’t even access PlayStore anymore. It only allows Company Allowed Apps which is to say nothing. YouTube is broken because MDM somehow controls my DNS records. Firefox cannot be installed so Ads everywhere. Chrome only and it can only go to approved websites because Yahoo is safe but Ars Technica is not???
Why would anyone want that on a device they pay for?
MDM can be configured in 2 modes, one with company owned devices and one with bring your own device. But there are lots of settings that can be done, usually it is configured with work and personal profiles and the work one has all the restrictions in place and the personal has no limits. Maybe just some device features can be also enforced, like forbid the OEM unlock and ADB.
They must have some intense data retention policies. You can configure compliance levels to allow anyone into their Outlook acct using the app without any special permissions pretty easily.
My particular company emails contain privilege information and there is absolutely zero trust in letting smart phones aka roaming data leaks anywhere near that.
Just transitioned from a Google + slack company to a Microsoft account company.
I asked if we put our email accounts on our phones to be able to answer after hours, my supervisor said very few people are given access to emails on their phones.
I am fine with the switch, I used to get 40-60 emails to sort through a day. Now I will be doing maybe 5-10 a day and only 3 or 4 might actually be for me and I only have an 8 hour day with no after hours meetings.
I’ve had a company require employees to install MDM on personal phones (remote control/management) to be allowed to use them for 2fa app or email access… there was a surprised Pikachu when I refused. Eventually they issued me a company phone, because it was impossible to do most tasks without 2fa. That device was on 9 to 5 only.
Remote control of your personal phone for work? That sounds dodgey, I would definitely refuse. Would anyone actually accept that?
Also, 2fa is a really shit excuse for that.
Less than 2% of workforce got issued a company phone for that reason.
Any device required MDM installed to get access to VPN that got you to company network, to get 2fa app, SSO or email.
Sounds like they’re respecting work life balance in a round-about way.
What the fuck? Are there really people who allow that?
Over 98% did. My job was security adjacent so I’ve had some insight into those metrics
I work in IT and endpoint management is among my tasks. Knowing the things we can do to smartphones that are controlled by our mdm is enough to where I would never agree to having thatopn my personal device. I even refused to get a company provided smartphone.
deleted by creator
But why would anyone?
I have an MDM on my work phone and I can’t even access PlayStore anymore. It only allows Company Allowed Apps which is to say nothing. YouTube is broken because MDM somehow controls my DNS records. Firefox cannot be installed so Ads everywhere. Chrome only and it can only go to approved websites because Yahoo is safe but Ars Technica is not???
Why would anyone want that on a device they pay for?
Is my MDM different from their MDM?
MDM can be configured in 2 modes, one with company owned devices and one with bring your own device. But there are lots of settings that can be done, usually it is configured with work and personal profiles and the work one has all the restrictions in place and the personal has no limits. Maybe just some device features can be also enforced, like forbid the OEM unlock and ADB.
Why not just a physical TOTP token? There’s ones that do 100 Tokens, probably won’t need more than that. Smartphone for 2fa seems overkill.
Sounds like a pretty big win to me? Who answers emails after hours, yuck
I’m going from a 24/6 bigger city operation to a mon-fri 7-430 operation in a small town. It is a huge win for me.
Congrats! That sounds like a great change.
They must have some intense data retention policies. You can configure compliance levels to allow anyone into their Outlook acct using the app without any special permissions pretty easily.
Good on them to cut down access like that
Now I wonder if there’s a correlation between companies using Microsoft package being companies less obsessed with crunch culture…
But … why?
Outlook on phones works well enough. Was it some security measurement or something?
My particular company emails contain privilege information and there is absolutely zero trust in letting smart phones aka roaming data leaks anywhere near that.
I mean it doesn’t matter to me, I don’t want to take my work home with me and I’m close to the computer while I’m at work.
deleted by creator