• Rekorse
    link
    fedilink
    English
    arrow-up
    3
    ·
    28 days ago

    How does the separate profile keep the company from factory resetting the whole device?

    • TexasDrunk@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      28 days ago

      Because they can only see, install, or wipe things inside the work profile. It’s all sandboxed.

      Quick edit: This is for Android. I have no idea about iPhones.

      • Rekorse
        link
        fedilink
        English
        arrow-up
        4
        ·
        28 days ago

        I don’t believe iPhone allows this, or at least the customers at my work don’t enable it for iOS.

        I hadn’t had to set it up myself though so I wasnt sure. I would rather avoid the MDM altogether if possible.

        • TexasDrunk@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          28 days ago

          I get it, and I don’t blame anyone for that choice. I made mine based on utility, convenience, and knowledge of the tool for me. I don’t care how convenient it makes things for work. They’ll give me a phone if it’s that convenient for them. But I’m not qualified to make that decision for anyone else.

        • TexasDrunk@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          28 days ago

          I shot a message to a colleague who is still in IT (I’m into other shit these days) and he says you’re correct. IOS doesn’t allow for this. The IT department running Mobile Device Management would have to set up Mobile App Management (MAM) on their side. So it’s possible that they only get access to those apps without giving them access to the whole device but a lot of lazy departments won’t do it.

          • Rekorse
            link
            fedilink
            English
            arrow-up
            1
            ·
            27 days ago

            Well that explains why one of the other teams clients revolted against intune and switched to just using MFA for o365.

            Its funny, they are so jaded by the MDM they keep grilling people about the MFA and if it gives access to their phones, etc.

            I also think some people are starting to catch on to Microsoft’s apps collecting too much data, including MFA. Theres a big banner when you first set it up asking for permission.