iPhone XS MDM/BYOD...worth it?

[ericg301]

So my company is offering a monthly stipend as a reimbursement for "mobile phone costs related to work tasks." However, to get the stipend, we have to install an MDM certificate and "related apps." I hate to turn down free money but I like to keep my personal and professional lives somewhat separate. Is this safe and secure? Will big brother be able to see my Alto's Adventure scores? My accidental screenshots?

We already have to use Outlook for work email and calendar, via a Microsoft Authenticator app.

 

[Beelzbub]

It is safe. I also require it in my office. It only pertains to the stock apps for email, calendar, and contacts... Many years ago before I turned it on, anyone could setup an email profile on their phone without going through IT. And for the most part, no big deal (this was before apps like Outlook were available). The problem became when people would would quit or get fired an walk out the door with non public information on their device (stock email app). So we changed things on the back end and now when people try to do that, it says their device must be approved first, and then they have a look at our mobile device policy, which discusses the ability to remote wipe a device. And most say no when they read that part. So I tell them to use a third party app instead like Outlook or to check their email on their devices web browser. I have only used remote wipe once, and that was for an actual company owned phone. The user quit and went to a competitor and thought they could take the company owned phone with them, not on my watch. So I issued the remote wipe command, and then called our cellular provider and shut the number off once I got confirmation the device was wiped. I heard later on from a little birdy this person was in an electronics store demanding they get the pictures, and contacts and emails off the device because they were missing. They shouldn't have done what they did, but hey I was looking out for my company's best interest.

Basically a MDM is designed to keep the company safe. Depending on what your company does, they don't want their information falling into the wrong hands. And an MDM helps them achieve that. So we state in our MDM policy, that if you quit or get fired, please see IT so they can make sure no company data is on the device, it takes all of a few minutes. And if you fail to do that, we have the right to issue a remote wipe command, resetting the device back to factory conditions.

 

[se95dah]

I think you need to read your company’s policies and the terms and conditions of the MDM software to understand what rights your employer will have over your device and personal data. I have enrolled my personal iPhone in my employers BYOD program and have an MDM profile installed. Their terms were ok by me - they can’t track my location or view any of my personal emails, texts, photos etc but they can verify that my device meets some security requirements (not jail broken, no blacklisted apps installed, minimum 6 digit passcode etc). They can remotely wipe the device if I report it lost. I thought all this was reasonable so I agreed. If they had wanted access to my photos, iMessages etc then that would have been no deal.

 

[Beelzbub]

I think you need to read your company’s policies and the terms and conditions of the MDM software to understand what rights your employer will have over your device and personal data. I have enrolled my personal iPhone in my employers BYOD program and have an MDM profile installed. Their terms were ok by me - they can’t track my location or view any of my personal emails, texts, photos etc but they can verify that my device meets some security requirements (not jail broken, no blacklisted apps installed, minimum 6 digit passcode etc). They can remotely wipe the device if I report it lost. I thought all this was reasonable so I agreed. If they had wanted access to my photos, iMessages etc then that would have been no deal.

This right here. We cannot track anything, we can however guarantee your device meets certain requirements. And that is it. And yes we can remote wipe the device if it is lost or stolen or you fail to see IT if you quit or get fired. I can walk someone over the phone from deleting the email profile if they don't know how and I can see on my end that it was done and no longer connecting to our mail server.

I would read the policy and ask any questions you do not fully understand. And if you do not feel comfortable with it, then don't do it.

 

[Tsepz]

I think you need to read your company’s policies and the terms and conditions of the MDM software to understand what rights your employer will have over your device and personal data. I have enrolled my personal iPhone in my employers BYOD program and have an MDM profile installed. Their terms were ok by me - they can’t track my location or view any of my personal emails, texts, photos etc but they can verify that my device meets some security requirements (not jail broken, no blacklisted apps installed, minimum 6 digit passcode etc). They can remotely wipe the device if I report it lost. I thought all this was reasonable so I agreed. If they had wanted access to my photos, iMessages etc then that would have been no deal.

Yep, my work’s one is exactly like this, have their profile on both my iPhone and iPad, everything is managed in Microsoft apps.

 

[TriBruin]

Generally it is safe for you to install an MDM profile on your personal device. But, you might ask your company if they support the newer User Enrollment method. As of 13.1, Apple has effectively created a wall between personal data and work data. Your company will have no access to any personal data, including things like location data. They will not even have the ability to completely wipe your device. They only wipe would be of work related data.

 

[jschnee21]

In years past I’ve had various employer’s MDM’s on my personal phone (and a number of employer purchasesd devices). And it has been fine.

But nowadays with Office in the cloud it’s usually not necessarily (if the employer is up to date). At my employer (large pharma) no MDM is required if you are only using the Microsoft suite (e.g Outlook, OneDrive, Skype Business, office). Likewise I can use any of these apps from my personal PC at home by going to office.Microsoft.com.

But I do have some specialty apps (Jump, Axis Camera Station, etc.) which require VPN connectivity to my corporate intranet to work. So I had my employer buy me an iPad (or BYOD) and enrolled it’s in the MDM program w/VPN, etc. Then I just tether it to my phone as needed.

Of course, this won’t save you any money. My employers MDM policy is from the Stone Age — no iCloud, full location tracking, remote wipe, and theoretically full access to anything I do on the phone.

No thanks. I’ll keep my sketchy websites to myself, thank you.

 

[AustinIllini]

I have limited MDM on my personal phone. My company seems to mind its own business as I have had the account for 6 years.

 

[MurphysLawColeslaw]

So my company is offering a monthly stipend as a reimbursement for "mobile phone costs related to work tasks." However, to get the stipend, we have to install an MDM certificate and "related apps." I hate to turn down free money but I like to keep my personal and professional lives somewhat separate. Is this safe and secure? Will big brother be able to see my Alto's Adventure scores? My accidental screenshots?

We already have to use Outlook for work email and calendar, via a Microsoft Authenticator app.

Shouldn't be an issue, the scope of supervision will only extend to the "related apps". Our company has been using Hexnode MDM for BYOD management ever since the quarantine began. Been running smoothly, no hiccups or cases of our IT snooping in. But I would suggest you check your company's policies regarding the same.

 

[mnsportsgeek]

It depends on the MDM policy to be honest. They can be very restrictive. My company does not allow Siri or any cloud backups. They can even go as far as to restrict copy and paste. They can also remotely wipe your phone. There are many different flavors of MDM.

I would see if they can tell you what restrictions are enforced as part for MDM. They might be minimal. It might be alot.

 

[Tsepz]

So my company is offering a monthly stipend as a reimbursement for "mobile phone costs related to work tasks." However, to get the stipend, we have to install an MDM certificate and "related apps." I hate to turn down free money but I like to keep my personal and professional lives somewhat separate. Is this safe and secure? Will big brother be able to see my Alto's Adventure scores? My accidental screenshots?

We already have to use Outlook for work email and calendar, via a Microsoft Authenticator app.

Should be good, got it on my 11 Pro Max and my Xs Max before that, it keeps your personal stuff and work stuff separate, you cannot even copy an email text out and only manages the email, calendar etc... that are part of the suite. Doesn’t even affect battery life.

It does however make your phone more heavy on security e.g. you cannot any longer not have a secure entry into your phone, the minimum is a 6 character password.

You can still run Betas and enjoy your phone though.

 

[ssledoux]

So my company is offering a monthly stipend as a reimbursement for "mobile phone costs related to work tasks." However, to get the stipend, we have to install an MDM certificate and "related apps." I hate to turn down free money but I like to keep my personal and professional lives somewhat separate. Is this safe and secure? Will big brother be able to see my Alto's Adventure scores? My accidental screenshots?

We already have to use Outlook for work email and calendar, via a Microsoft Authenticator app.

Unrelated to your post, but do you have an Alto camper? My sister got one last summer - it’s so cool!! They are VERY uncommon around here.