this post was submitted on 08 Jan 2026
106 points (91.4% liked)

Actually Infuriating


My company just started requiring Microsoft Intune Company Portal app to use Teams and Outlook. A friend in IT infosec at another company said the app can push apps, require certain settings, password requirements, or OSs, and can see a lot of stuff on your phone. I don't think this level of intrusion into my personal phone is warranted or ethical. Be warned. I'm just going to uninstall and suffer the internal political consequences.

top 43 comments
[–] dotslashme@infosec.pub 85 points 1 week ago (1 children)

Imho any company that requires you to install apps on your phone should provide their own hardware. No way I'm installing stalkerware on my personal device.

[–] Lemming6969@lemmy.world 15 points 1 week ago (1 children)

I required them to give me a phone if they wanted extra control. So they gave me one. And then I refused to carry it around outside work hours, because I'm not paid for that and refuse to carry 2 devices and must have my personal device. So I never used the phone for work, it became an android auto device that sat in my car.

[–] semperverus@lemmy.world -1 points 1 week ago (1 children)

If you're hourly, that totally makes sense, but if you're salary then in a lot of places in the world they kind of semi-own your ass and you do have to check messages outside of "work hours" since those technically don't exist for you. Some companies might enforce the standard 8-5, Monday through Friday and encourage only working 40 hours a week (and those are good companies), but legally they don't have to limit it to just that on salary.

[–] viking@infosec.pub 4 points 1 week ago

I've only ever heard of that shit from the US. Hourly is hardly a thing elsewhere, unless for delivery drivers and similar.

[–] OR3X@lemmy.world 50 points 1 week ago (2 children)

Yes, if you want company data on a device then the company would be remiss to not want some level of control over that device. This isn't some big brother-esque conspiracy. They want to ensure you're not stealing company information or doing something stupid which might cause company data to be leaked or stolen by a bad actor. This is pretty common cyber security stuff. Now if the company REQUIRES you to have company data on your phone and does not have the option to provide a company phone to you then I can see a reason to be upset.

-someone who works in cybersec for a large company

[–] CompactFlax@discuss.tchncs.de 15 points 1 week ago* (last edited 1 week ago)

This is correct.

In order to keep your work data in a company managed container, the Company Portal app is required on Android. Even if the information they can gather is limited (ie simpler App management policies) it does open the door to potential privacy risk.

You don’t own the data in the corporate systems. Your rights to privacy vary by jurisdiction. If you don’t want the app, you may be entitled to remove the company data from your device. It’s unfortunate and a pain in the butt.

[–] apfelwoiSchoppen@lemmy.world 4 points 1 week ago* (last edited 1 week ago) (1 children)

~~This situation is the latter, not the former~~ edit: my response was confusing.

My sitch is personal phone/company info

[–] nogooduser@lemmy.world 6 points 1 week ago

That’s still not clear as there are two versions of that.

  1. If your situation is that you are required to have company data on your personal phone and so requires you to have this app on your phone then that is infuriating.

  2. If the situation is that you are allowed to have company data on your personal phone but you are required to have the app if you choose to have the data then that’s not infuriating IMO.

I’m responsible for the security in our company and we have the second version where people can choose to have the company data on their personal device if they also allow that app. If they choose not to use their personal phone for company work then that’s fine and they don’t need the app.

And when I say choose I mean that you should have a real choice. Not a choice where you are considered not to be a team player or other such BS if you don’t agree.

[–] Zachariah@lemmy.world 34 points 1 week ago

They need to provide a device if they’re requiring the use of this software.

[–] WoodScientist@lemmy.world 29 points 1 week ago (2 children)

Your line needs to be:

"It is inappropriate for me to store or access company data on my personal device. If you want me to be reachable outside of the office other than through phone or text, I will need a company device."

[–] EntropyPure@lemmy.world 12 points 1 week ago

This. As an IT administrator I can absolutely understand the need to adhere to certain baseline requirements for devices accessing company data. And I know my best bet to have control over that is with company supplied hardware. Not BYOD, fuck that.

[–] titanicx@lemmy.zip 1 points 1 week ago

Even though phone or text. If you want not then a cursory via or call, you need to provide a phone.

[–] binarytobis@lemmy.world 18 points 1 week ago

When I started my current job, the first moderately healthy work environment I’ve ever been in, I had trouble getting outlook on my phone because of this issue. I went to my boss and told him “I’ve been having some trouble getting work emails on my phone-“ and he interrupted me with a “Why the hell would you want to check emails at home?”

Great point! No one asked me to, just assumed I should out of habit.

[–] bookmeat@lemmynsfw.com 13 points 1 week ago

If they want to control your device they must buy and pay for the device. Don't use it for personal things.

[–] HeyJoe@lemmy.world 12 points 1 week ago

You are correct. If you were never required to use your personal device before you have the right to fight this. We had something similar here and if people complained they needed to be accommodated. The belief was if we just tell them to do it the majority will and say nothing. It was true, but a handful did not. This wasn't requiring Teams or Intune though, we have company phones for that. This was requiring the authenticator app for MFA for the company. Of course not everyone in the company has a company phone. I would imagine the same applies to this situation.

[–] WoolyNelson@lemmy.world 12 points 1 week ago

The last time I had that on a phone, it was a company phone. Seeing as they were paying for it, I didn't mind. That is the only way I would tolerate this.

[–] LordCrom@lemmy.world 11 points 1 week ago (1 children)

Do not ever ever ever load company stuff on a personal device.

Keep that veil of separation IP between company and personal.

If the company demands you use a mobile device, let them provide it and carry 2 phones.

Remember if company info touches a device it can be subpoenaed and seized if the company is sued.

Company data and data charges on your phone are not reimbursed.

Used to be if the company wiped their partition, it wiped the whole phone.....this has been corrected, but just proves the point to keep things separate.

[–] EndlessNightmare@reddthat.com 6 points 1 week ago

> Do not ever ever ever load company stuff on a personal device.

My job issues cell phones for work. I was told that it is permissible to use these phones for personal, and many coworkers do in fact do this.

No fucking thanks.

[–] Licksrocks@lemmy.world 10 points 1 week ago (2 children)

It depends on the registration profile they require. If they have you register it as a company owned phone vs a BYOD device.

BYOD registration creates a separate partition on your phone's hard drive for the apps installed via the company portal. They cannot see all apps on the device, or any web traffic, SMS, phone calls etc. They cannot lock the device or wipe the device in its entirety, only the apps on the company partition.

So in short, it depends on how the IT / Security department set up the device registration, and the registration process will notify you of the access level and allow you to accept / deny.

[–] apfelwoiSchoppen@lemmy.world 2 points 1 week ago (1 children)

The issue is they just triggered it without communication. That's a breach of respect.

[–] Licksrocks@lemmy.world 2 points 1 week ago (1 children)

Depending on the industry / region in which you work, they will have regulatory obligations to protect sensitive data such as PII and PHI. From a business perspective they are trying to remove liability and decrease obvious attack vectors they have limited control over. From an individual perspective, they are implementing controls that protect the privacy rights of their customers. As a security professional, it's good to see. Personally I would always prefer to keep work and personal items separate to reduce the chance that I'm the cause of a breach.

[–] apfelwoiSchoppen@lemmy.world 1 points 1 week ago

They can send emails to their coworkers to communicate. They don't. I understand there might be reasons they rolled it out.

[–] CaptDust@sh.itjust.works 8 points 1 week ago

Make them give you a company phone, intune is absolutely too much control on a personal device.

[–] thedeadwalking4242@lemmy.world 7 points 1 week ago (2 children)

Can even remotely wipe it if they feel like it. I don't think legally they can require you to install it. I haven't for my phone. If they want to talk to me off the clock they can buy me a work phone.

Not necessarily. IIRC, only fully managed devices can be remotely wiped. OP's phone probably isn't fully managed.

[–] ITGuyLevi@programming.dev 2 points 1 week ago

I have to have it as well... Thankfully GOS lets me lock it down enough I don't think I have to worry about them wiping it. When I log into our Azure admin portal and look at my normal user account it doesn't even show that I have Teams on my phone. While I'm sure that's less than ideal from a business security thing, it's not my lane to fix it and I think I prefer it that way.

[–] stoly@lemmy.world 6 points 1 week ago

They can't make you install that on your personal device. Just don't do it. If they want to require it, then they can provide you a company phone.

[–] FlexibleToast@lemmy.world 5 points 1 week ago (2 children)

That's an Android device. Does it not require you to set up a partitioned work profile? The partitioning is for this sort of thing. It silos the work profile for some privacy.

[–] Bongles@lemmy.zip 6 points 1 week ago (3 children)

I don't believe it does, but @apfelwoiSchoppen@lemmy.world, if you go on f-droid and grab an app called shelter, you can very easily move any of this work stuff to a work profile. I did and I recommend you do too.

[–] apfelwoiSchoppen@lemmy.world 3 points 1 week ago (2 children)

Interesting. I'd almost rather buy a shit second phone for work before putting this crap on my phone. Especially when I run e/os, which it may not like.

[–] techt@lemmy.world 2 points 1 week ago

Same situation for me, this is what I did. No data plan, just a cheap android I only need to use on wifi and personal hotspot from my other device as-needed

[–] Sineljora@sh.itjust.works 1 points 1 week ago

100% right decision to get a secondary phone if you have to do this, IMO. It may not break at the same time, you can leave it somewhere and still use your main phone, your phone decisions are separate from your work considerations. Some new secondary phones look really cool also, like the one with the BlackBerry keyboard.

[–] qupada@fedia.io 3 points 1 week ago

One thing to note (for what it's worth I use Island rather than Shelter, but the end result is the same), Microsoft can't get their shit together. While most things work normally with "Work Profile" apps, a couple of things don't.

The biggest annoyance by far for me is I cannot answer Teams calls on Android Auto. Perversely, I can reply to messages (DMs or group chats, but not channels) hands-free by talking to the car, but if a call comes in the UI only appears on the phone and not the car's display.

I'm sure Microsoft could fix this, but it's been broken for the ~2 years since they started supporting Android Auto in any capacity, so I'm guessing they aren't going to.

Overall though, my favourite feature has to be the one-click toggle that disables all of the work apps. No notifications, no syncing in the background, no nothing. As soon as my phone connects to my home WiFi, an automation turns it off for me. Glorious, glorious silence.

[–] FlexibleToast@lemmy.world 0 points 1 week ago

Wild. My work specifically requires the work profile. I guess I assumed these sorts of things all leveraged that ability.

[–] osaerisxero@kbin.melroy.org 1 points 1 week ago

The app was required to bootstrap the work container last time I had android work profiles come up.

[–] tae_glas@slrpnk.net 3 points 1 week ago

i had to deal with something similar at work & they initially said that they couldn't provide a work phone, it wasn't in their budget

so i started using an old non-smartphone that i found buried in a drawer & said i'd lost my smartphone

they provided a work phone p soon afterwards. it might work for you if you have an older phone lying around somewhere? 🤞

[–] Lurker1347@lemmynsfw.com 3 points 1 week ago

It gets way worse from there. Managed apps like Teams and Outlook now require you to unlock with fingerprint and anything you copy in Outlook, Teams or Edge can't be pasted anywhere else, also you can't paste stuff from other apps into MS apps.

At least that's how it was at my company. I got a phone from them and I used it as my personal phone as well for a while but this threw me over the edge at some point.

[–] bitwolf@sh.itjust.works 2 points 1 week ago

Company Portal is very good at sapping 30% of my battery in an hour whenever I use an app managed by it. It's trash.

We disabled the Microsoft Store on our public machines. The reason is simple. The Microsoft Store installs programs that require local admin. Microsoft sales div bypasses security for money and after a while it was easier to get rid of them.

[–] peopleproblems@lemmy.world 2 points 1 week ago

Yeah I pretty much said fuck no to that lol. I'll call in if I have to

[–] GreenKnight23@lemmy.world 2 points 1 week ago

yeah, no.

I have a work phone and my phone because of this.

[–] shadshack@feddit.online 1 points 1 week ago

If you do want to still use your personal phone and are on Android, use Shelter to make a Work profile and install Teams into that. Then it will install the Intune app just on your Work profile. You can turn work apps off with one button, and it gives your work zero access to your personal side of the phone.