this post was submitted on 25 Mar 2025
753 points (98.3% liked)
Technology
68066 readers
3724 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yeah, you're talking about MDM (Mobile Device Management) solutions/tech. I'm not an IT employee myself, but I am familiar with these things from work (similar situation as yours), and also because I'm a nerd and like researching these things.
On some phones, like Samsung's ("Secure Folder"), you can have [essentially] a second, containerized instance of Android running. Or you can think of it like a virtual second user that ultimately you have control of. So what I did was install Outlook in that. Because the MDM permissions (e.g. wipe the phone) would only affect that container.
Otherwise, for everyone else -- yeah don't install work apps/accounts on your personal devices.
Just to expand on this. There is an Exchange specific wipe feature. I think it is quite old school and not really used. Have seen it, but never tested it myself. As per documentation it can perform device wipe, but only if native mail client using ActiveSync is used not Outlook. And it probably does not work with all native mail clients, depends if app has device admin permissions.
Current Intune MDM model always uses separate Android storage so any operation including wipe will affect only this storage not your personal space so employer can not see nor delete your personal data.
In Intune there is another option without a need of enrolling device (MDM) where you can manage supported apps. It's called MAM. If wipe is initiated it affects only data in all apps that support MAM.
In short, companies / schools cannot really wipe your device if we are talking about Intune MDM. Other MDM solutions probably can.
Now, that's a name I've not heard in a long time. A long time.
My understanding is that it's called work profile. It's like having 2 users in the same phone. One is personal and you manage it. The other is company owned and you can only install apps whitelisted by your it admin.
this is still objectionable
why does my employer presume it can commandeer my personal property? the only sound policy is to never let work stuff touch personal computers and vice versa. The workplace is like a gas, if you give it the empty space it will keep expanding to fill it
where the hell did my property rights go once one of my PCs got a radio?
I'd love to keep outlook off my personal phone but there's no chance I'm getting a company phone considering I'm a shop employee and everything in it is an afterthought for IT. Like our computers still run windows 7.
Unfortunately I need email to do my job, on a ping system for what to test and general communications with coworkers who are often not there or traveling in the field.
That's fair. I should have said *if you can help it.