Looks like Microsoft did go ahead and requires a

October 20, 2021, 10:43 pm
Looks like Microsoft did go ahead and requires a VPN in order to use corporate apps from my personal phone. Sorry, but I find this intrusive. Going to remove all corporate apps from my phone.

I have two phones now. PITA but better than everything else I tried. My work phone has no cell plan and tethers to personal when I'm away from WiFi. You can set it up to do that automatically.

I use my own VPN and was worried this would block that. I was also worried about privacy of device. The "VPN" is a loopback that checks things, it's not an actual VPN tunneling traffic. I can still connect my own VPN or temporarily disable the MSFT.

Yeah, it's part of Defender for mobile. That's why I removed it from my tablet, but keep it on my mobile.

Too bad, sorry you didn't get this policy enforcement sooner. I got this notification sometime during the summer. It made my weekends better. You're going to like it.

I absolutely will never allow an employer to touch my personal device. I trust nobody and I definitely don't trust Microsoft or InTune.

That was my first reaction too, but after looking into it it's actually not that bad. Rest assured Facebook and Google know more about what you're doing on your personal device than Microsoft does through InTune. wise. Def the right move. they can buy you a phone if they want. They have the money.

Welcome to the club! Last straw for me was the app that could monitor all DNS queries. So I've been un-enrolled for months. The side effect was an improvement in WLB :)

The "last straw" for me was when they said I had to install Sophos AV on my phone.

This is so non zero trusty.

With the new focus features in iOS 15, I would love to see the ability to attach a VPN for only certain apps in that profile like Android. After using a few MDM solutions there is no way that I'd let corp manage anything to do with my personal device.

Afaik this thing (MDE?) is able to intercept only work profile apps traffic (no idea how it's implemented on Android level). Personal profile apps traffic is not intercepted.

This is exactly what I did as well... I'm glad I did it as soon as WfH became normal in 2020 - it did wonders for my work-life balance, and forced me to shut down work by just walking out of my home office!

Would they meet you halfway and give you a team/company phone to use exclusively for work?

I de-intuned a few months ago and was still able to install and use Authenticator afterwards.

Having work profile and two instances of an app also not the best solutions. Totally uncomfortable. :( But would you be able to visit corporate sites from an unmanaged device?

I can't even look at public GitHub repos without being on a corp device. It's doing my head in.

Ever since I intuned my phone it became frigging slow... and remained slow after I unintuned it... now I need to back everything up and do a factory reset.

Use Android. Disable Work Profile whenever you want. Never bothered with Teams or even work email access on my phone for my most recent job. Best decision I ever made. This is why I carry a separate work phone :).

Subsequent to 'enabling' the MDE VPN you may see this if you happen to be using new Mail Privacy Protection option in iOS Mail. How exactly is my privacy protected in this case, assuming local traffic routing? Which apps? I can use Teams and Outlook without issues. I created a Work Profile in my Android and everything is isolated from my personal apps. Works fine, no VPN needed.

Agreed. The fact that you install *work* on your PRIVATE phone is a privilege which your employer has been given by you. If they think they can exert authority over your personal devices they can go and... you know what :) Privilege revoked then.

Wait, we get Adobe from work?

Exactly - and they can happily just cut your access. However with Android, they can wipe your phone. No beeping way will I accept that on a personal device. If we cared about security then the world wouldn't run on unencrypted email. This is a pure power play.

My company went to requiring Intune as well, ended up being the catalyst to disconnect after work hours (bad COVID work from home cycle of working from when I wake up till I went to bed). If it's an emergency they can call my cell. Best decision I ever made.

Gotcha. Do you face the risk of getting into a situation where your legal department might ask you to hand over your phone with the means to unlock it so they could meet the requirements of a dawn raid or a subpoena?

I'm so confused - I have Intune but it didn't even install a VPN endpoint, no docs I can find even mention it. Maybe if you're under MDM, you don't need a VPN to access any non-VPN resources?

Sub provided by Microsoft

As soon as I saw Intune I told my boss they could buy me a phone if they wanted me to do that to a device.

Are you using a Microsoft account for Adobe?

That's why I have 2 phones now. A little bit inconvenient but can reduce the risk of leaking info and being the one to get blamed.

Don't have this problem over here, our labor laws require that the company must provide every equipment required for work or the employer should compensate for the use of personal devices.

Subscription to specific MSFT services. I'll have a closer look to policies administrators might create to replicate that sort of behavior. Sounds quite like a policy.

traffic does not leave the device.

It is worse: third party apps that use Microsoft auth (like Adobe, or reading a newspaper from the ms library) require an intuned phone. I gave up on those.

Crazy. U.S. based? E5 sub?

Ok, then I'm afraid you have a valid point.

Couldn't find anything related in MSFT updates (GER), where did ye encounter that sort?

Are you using iOS or Android? If it's the latter, based on some internal threads, the VPN is connected only to the work profile. It doesn't have access to the personal one. I don't know how it works on iOS, since it doesn't have the same level of segregation.

Did they enable it? I thought they said October 26th or so (maybe we are in different rings). I had the app installed and everything, but the VPN toggle turned off in Settings - did they patch that loophole?

It's really great not having Teams and Outlook on your phone.

your creed

Even checking your paystub requires an MS managed device, which is unacceptable imo.

100% agree, if my work wants me to have/use their mobile apps they are going to give me a phone. I do not even put work chat on it.

The entire "let your work sysadmin control your Android" was a big reason for me to ditch being an employee and start for myself. It's anti-privacy, employee unfriendly and in the end counter productive "feature" for our megalomaniac friends in corporate IT.

I only left Authenticator. This one better not require a VPN or I'll request a device paid for by Microsoft.

my company does this too. it's goofy, i can just load email in the browser instead anyway. lack of notifications is a feature imo

Every time I came back to do consulting for Microsoft that came up (or similar things). Never used my personal phone for work. Too intrusive indeed. Not a bad thing though. Didn't use my phone for work!

Why did you put corp apps in your personal phone?

Did this on my personal phone a few months ago due to VPN. At first I was nervous but turns out it's a stress reliever for me. I'm not disciplined enough to set boundaries and would check email / Teams all the time. Now I can't and it's forced me to have boundaries.

Is that a very new thing?

 