What is Microsoft InTune?
and should I install it on my personal cell phone to get my company email?
As I understand the software, it gives the company the ability to control certain (most) features of my phone in order to “protect their data”. Can anyone clarify the type of control/access they’ll have and if this is something I should be concerned with?
Thanks for the help!
I would not do this. The companies I deal with who want this sort of device control provide employees with company-owned phones.
I know nothing of this tech. Just, my phone is “private space”.
@f00l “private space” for “private personal time”, amirite? Incognito Mode FTW!
/giphy nudge nudge wink wink
@medz
My companies get the time they get, and do not get to put sw in my phone.
And I prefer invisibility cloaks where applicable.
/giphy invisible
It’s fucking Microsoft. That right there should answer all your questions. Just don’t do it. If they want you to have access to company email on the go, login through a web based portal . . . or maybe they need to provide you a dedicated device, on their dime.
I wouldn’t do it.
@Pavlov
Welcome back!
here’s an overview of it on tech republic:
http://www.techrepublic.com/article/improving-byod-security-with-microsoft-enterprise-mobility-suite/
this bullet point stands out:
so, to answer your question, don’t do it. nope. nuh-uh. no way. fuck that fuckity fuckin shit.
@carl669
The answer to question one is:
If you want email on your device through an app, you’ll almost certainly have to install it/allow it to run/accept the changes it proposes.
(You could always check your email through OWA on your phone, but that’s inconvenient enough, and on Exchange 2007 a hot mess).
The answer to question two is “Possibly anything”.
Originally, you could really only make broad sweeping changes and policies to devices accessing email (force a password or pin, set the length, set screen timeouts, force encryption, disable hardware features), and do full device wipes or remove the device from the user’s account.
You’ll notice those policies aren’t really designed for a modern smartphone, especially under a BYOD or related plan: no way to handle apps or services (especially ones that aren’t hosted behind your firewall), no granular way to handle device wiping (you’d likely be more willing to report right away when you wouldn’t lose any of your personal stuff), and no way to provision you apps & services automatically (like you can on a desktop/laptop).
This is what Microsoft InTune works on- mobile device management (all of the above, and more app & service focused management, with granular wiping), identity management (giving you single sign-on to all of your corporate stuff with one login), and extending ease of administration to mobile devices.
The device will probably tell you what the InTune policies are (up to the limits of the OS anyway), but you’d need to ask your IT group what exactly they’ll be controlling and can wipe for you on the device.
It may be they only care about their apps, the email, and access to any cloud services, and so would just wipe those bits, or keep them in a secure part of your phone that can’t talk to your personal stuff.
Or, they could be super-hardcore about the whole thing, and do almost anything.
Has MicroSoft rebranded song smith?
I’m not sure wtf it really is and I think I may be running a fever so I don’t feel like figuring it out, but speaking as someone who runs Exchange (among other things) for work and has to push out a policy that requires people to allow remote wiping, I’ll say that there are advantages and disadvantages to it for both the company and the individual.
Back before I was using the Gmail app to access Exchange email, it was simple to remove the device administrator priv from the email app (Settings, Security, Device Administrators…). However, the Gmail app isn’t quite as stupid and if you take away its device admin priv, it removes all email accounts that require device administrator privs. (This applies to Android devices, no rooting required… if you’re running iOS, eh… your choice, there is probably a way to do the same thing and it almost certainly requires jailbreaking and I really don’t give a shit.)
Finally, I agree with whomever said that companies that require it AND that require their employees to have email on their phones, should be providing said phones. If the company doesn’t require email access from elsewhere, then eh, it is the person’s choice whether they want the email or not and I have less sympathy. Personally, I want to know what’s going on since it makes my life easier and I don’t see an advantage to carrying two devices (they’d give me one if I wanted it), but that’s a different topic. But then, my job’s email system is effectively MY email system, and I know how it’s run and what the email admins do and don’t do. Also, in my history of managing such things, I’m usually the one remote wiping a phone when it needs to happen and I’ve yet to do it except when someone has lost their phone and wanted it wiped.
I wouldn’t install it on a personal device. Ever. InTune won’t let them spy on you but it will give them the ability to do basically anything they like up to and including wiping your device. If they are insisting you have mobile access to your email you should insist that they either provide you with a company device or provide you with access to your email either through a less intrusive app or a web portal.
People are acting like the ability to wipe your device is a bad thing…
If my phone gets lost or stolen (and I can’t find it in a reasonable timeframe), I’ll probably use Google’s services to wipe it (or maybe Lookout), but if I can’t for some reason, my employer should be able to wipe it to prevent any data breaches. This is the risk you take for using your personal device for work stuff. I’d prefer them wiping the device than suing me for the potential breach of all sorts of protected data stuff. (PCI, FERPA, HIPAA, etc)
If you are so scared about your phone getting wiped, here’s a tip: BACK SHIT UP! That’s right. App data, contacts, pictures,… pretty much everything can be automatically backed-up to the cloud these days. There are plenty of services for this. Google makes it really easy to do.
@medz it’s not that remote wiping is a bad thing. it’s just having someone else be in control of it.
then again, my personal phone is mine. no work emails shall ever mar its beautiful 4.5 year old face.
Amen said the congregation.
@Pavlov and @carl669 It depends on who the someone else is. I wouldn’t say I fully trust that area of IT, but I would know who did it and I would know where to find them.
@medz sure. i think sometimes people can get a bit too paranoid about their electronic devices. but, with all the data breaches and stealing of personal information, that’s a line in the sand we each have to draw for ourselves.
side rant: actually, just this past weekend, some motherfucking cock breath shit hole excuse for a waste of sperm tried to open 8 credit cards in my name. you’d think the asshole credit bureaus would actually talk to each other’s systems and automatically flag 8 hard inquiries made at 3am on a saturday as fraudulent. but, nope. i had to sort that shit out myself.
This, this, and thrice this. My personal device is my device, the only one making a decision about wiping my device should be me. By installing this software the exclusivity of that decision is forever compromised and, frankly, a company seeking to implement such a software solution is almost certainly doing so with the intent to use it. They don’t care about your personal photos and other irreplaceable things they might destroy, they want to protect their information and if your stuff gets nuked in the process, ‘well you should have thought of that before giving us control of your phone.’
It’s easy to say that the user should be backing up their stuff but one of the main purposes of InTune is to protect proprietary information from being disseminated to which extent InTune has the ability to shut down access to things like iCloud, Google Cloud, etc. which many people depend on to back up their photos and contacts and other such things.
@Pavlov You run a business which deals in sensitive information- how do you handle lost phones and employees you’ve had to let go?
@dashcloud All company owned phones are encrypted, use strong credentials to unlock and all Google accounts use 2FA. I haven’t needed to let anyone go in years. I might want to kill a few of them from time to time, but then I sit down with them and we get drunk and we work the shit out. You really have to work hard to get fired around here . . . but we’re really, really choosy in hiring for our team - we’re a lot more like family to each other than co-workers.
@Pavlov I salute your security, and wish you success for many years to come!
@medz I hear that same basic argument often when it comes to security matters, and it just never makes sense. Even if you have absolute trust in your company, what if they get hacked? What if a disgruntled IT guy decides to wipe everybody before they get fired? Or an intern with nothing much to lose? What if someone gets access to the building and wipes just for a prank? What if they’re supposed to wipe someone else but get you instead? What if the damn thing just simply fucks up?
Basically, if there’s a remote, anonymous way to fuck with people on a mass scale, sooner or later someone WILL take advantage of that ability. That’s just human nature.
@Starblind yeah, like a buddy of mine that redirected the Microsoft Website of the Day (yes, that was a real thing once upon a time) to a porn site just by using (corrupting) the routing table of the Cisco that controlled the traffic in and out of the datacenter where the site of the day was hosted (the site that day had “made with Macintosh” plastered all over it anyway, not sure what Microsoft was thinking) thereby returning the correct page to anyone viewing it in Redmond but serving up titties to the rest of the world, linked straight from the MS homepage . . .
If someone can fuck with it, they will.
That was a fun day. Epic really. But proof of your point. If someone can, they most likely will.
(wasn’t me . . . widely reported though in 1997 in the KC press when it went down - that was back in the day when Hustler online and many larger porn presences were hosted from KC - had a lot to do with the amount of fiber laid here downtown as a result of the Gulf war . . . KC was a HQ backup for the Army and they laid fiber everywhere - porn companies needed dark fiber and cheap port near a NAP, so they came here and back hauled all their data to St. Louis for next to nothing thanks to the US Army)
@Starblind sorry, drunken rambling . . . burp
@Pavlov
Drunken ramblings are always +1,
If that quality post was intoxicated or under the influence, news to me.
KC full of surprises.