Centrify on iPhone

Discussion in 'iPhone' started by andiwm2003, Apr 13, 2017.

  1. andiwm2003 macrumors 601

    andiwm2003

    Joined:
    Mar 29, 2004
    Location:
    Boston, MA
    #1
    The company i'm working for is using outlook and we use our own private phones for email and calendar through the outlook iOS app. Now the company wants to install "centrify" to secure our phones.

    Does anybody know that system and what are the drawbacks to have this on our iPhones? Can they access out private data? Can the iOS get unstable? Can I lose my private data? Be locked out of my own phone? What happens when I want to do a systems update or restore my phone?
     
  2. blaine07 macrumors 65816

    Joined:
    Nov 14, 2014
    Location:
    Oklahoma
    #2
    Your phone your rules. If you don't like the idea of it I wouldn't do it. Tell them to provide you a phone if having all that will become the new job requirement.
     
  3. Givmeabrek macrumors 68040

    Givmeabrek

    Joined:
    Apr 20, 2009
    Location:
    NY
    #4
    Are you being paid to do this? If not just tell them your phone is broken. Let them supply the phone. I would not put this on my personal phone...
     
  4. theshoehorn macrumors 6502

    Joined:
    Jul 6, 2010
    #5
    It's an MDM (Mobile Device Management) system. They can't access data like messages, or passwords. BUT, they will be able to see all the apps you have installed, force a certain complexity passcode, REMOVE that passcode, track you, and remote wipe your phone. It basically has more depth into the phone than we have as consumers.

    If you do let them use it on your personal phone, I'd ensure that the agreement doesn't allow them to wipe your personal phone if/when you leave employment with them.
     
  5. andiwm2003 thread starter macrumors 601

    andiwm2003

    Joined:
    Mar 29, 2004
    Location:
    Boston, MA
    #6
    Thanks that was helpful. I do not want to be too negative about this. If this was limited to the centrify app then I would be ok. But if they have system access it's a no go for me.
     
  6. blairian89 macrumors 6502

    blairian89

    Joined:
    Dec 5, 2016
    Location:
    Texas
  7. BigMcGuire Contributor

    BigMcGuire

    Joined:
    Jan 10, 2012
    Location:
    California
    #8
    Agreed. I know someone who has one of those apps on his phone and ... they force a 14 character alphanumeric password for his lockscreen password and disable touch id. lol. He doesn't use his phone that much so he goes along with it but that would be a HUGE dealbreaker for me.
     
  8. blairian89 macrumors 6502

    blairian89

    Joined:
    Dec 5, 2016
    Location:
    Texas
    #9
    That would be a huge deal breaker for me. My rule of thumb has always been that if you want for me to use a mobile phone for work purposes you are going to provide it to me AND pay for it as well. The once exception that I would make is if you are going to pay for me to open an account for business use and compensate me for the monthly costs associated with that line and phone.

    Otherwise you can keep your mittens off of my stuff!
     
  9. killawat macrumors 65816

    Joined:
    Sep 11, 2014
    #10
    I managed centrify and other mdm for some time. Resist them if you can for your personal devices. The level of access depends on how the policy configured. I am NOT an advocate of Byod, forget the trends.
     
  10. Centrify_RyanV macrumors newbie

    Centrify_RyanV

    Joined:
    Apr 17, 2017
    Location:
    Santa Clara
    #11
    Hi Everyone!

    My name is Ryan and I am a Sr Technical Support Engineer for Centrify, supporting the MDM platform. We noticed this thread, and wanted to add some clarity here to help with your decision to enroll your device using Centrify for your orgs MDM roll out.

    Although this CAN give the Admin the ability to do the standard MDM things such as Admin lock your device, or Wipe your device, these should not be an issue as this is normal for MDM with any vendor, including once you set up email using Exchange Active Sync policy. One of the benefits of using Centrify, is that the Admin does not HAVE to wipe the device (like you do with ActiveSync) in order to remove the corporate data (including the "Work" email profile) for the apps you get SSO access to once you enroll the device.

    Furthermore, regarding the location services on iOS, you can choose to not allow the Admin to monitor your location, but completing enrollment after will be contingent on your company's corporate security policy with regards to non-compliant devices. (ie. Email may not be allowed except for from compliant, corporate enrolled devices, etc)

    Last, and something you as the End User may want to share with your Centrify MDM Admin, is that Fingerprint (rather than PIN code or password) is supported for enforced lock screen on the device. See more info here

    There is huge benefit to enrolling your device, even for the privacy minded End User, but ultimately, the decision to enroll is based on how much access to your Corp data do you need on your mobile device?

    If you are at the point where your org is using Centrify to secure their corporate data on mobile devices, then it is likely that the ONLY option to access it is via enrolling your device.

    For reference, here is a link to some helpful info for End Users on using the Centrify platform once your device is enrolled.

    Using Devices with Centrify

    Cheers!

    RyanV
     

Share This Page