• Aggravationstation@feddit.uk
    link
    fedilink
    English
    arrow-up
    17
    ·
    7 months ago

    In my last job I installed Outlook on my personal phone to access my work calendar conveniently. Found out from a colleague that if the admin for an Outlook server you’re signed into on any device fucks up badly enough you could end up having that device completely wiped so I promptly uninstalled it.

    • NotKyloRen@lemmy.zip
      link
      fedilink
      English
      arrow-up
      19
      ·
      edit-2
      7 months ago

      Yeah, you’re talking about MDM (Mobile Device Management) solutions/tech. I’m not an IT employee myself, but I am familiar with these things from work (similar situation as yours), and also because I’m a nerd and like researching these things.

      On some phones, like Samsung’s (“Secure Folder”), you can have [essentially] a second, containerized instance of Android running. Or you can think of it like a virtual second user that ultimately you have control of. So what I did was install Outlook in that. Because the MDM permissions (e.g. wipe the phone) would only affect that container.

      Otherwise, for everyone else – yeah don’t install work apps/accounts on your personal devices.

      • OfficerBribe@lemm.ee
        link
        fedilink
        English
        arrow-up
        8
        ·
        7 months ago

        Just to expand on this. There is an Exchange specific wipe feature. I think it is quite old school and not really used. Have seen it, but never tested it myself. As per documentation it can perform device wipe, but only if native mail client using ActiveSync is used not Outlook. And it probably does not work with all native mail clients, depends if app has device admin permissions.

        Current Intune MDM model always uses separate Android storage so any operation including wipe will affect only this storage not your personal space so employer can not see nor delete your personal data.

        In Intune there is another option without a need of enrolling device (MDM) where you can manage supported apps. It’s called MAM. If wipe is initiated it affects only data in all apps that support MAM.

        In short, companies / schools cannot really wipe your device if we are talking about Intune MDM. Other MDM solutions probably can.

        • brognak@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          7 months ago

          Activesync

          Now, that’s a name I’ve not heard in a long time. A long time.

      • trolololol@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        My understanding is that it’s called work profile. It’s like having 2 users in the same phone. One is personal and you manage it. The other is company owned and you can only install apps whitelisted by your it admin.

        • max_dryzen@mander.xyz
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          7 months ago

          this is still objectionable

          why does my employer presume it can commandeer my personal property? the only sound policy is to never let work stuff touch personal computers and vice versa. The workplace is like a gas, if you give it the empty space it will keep expanding to fill it

          where the hell did my property rights go once one of my PCs got a radio?

      • octobob@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        I’d love to keep outlook off my personal phone but there’s no chance I’m getting a company phone considering I’m a shop employee and everything in it is an afterthought for IT. Like our computers still run windows 7.

        Unfortunately I need email to do my job, on a ping system for what to test and general communications with coworkers who are often not there or traveling in the field.