this post was submitted on 07 Oct 2024
72 points (96.2% liked)

Asklemmy

44129 readers
232 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

I'm non-techy. I work for a public school district and visit with kids in about a dozen schools. I like having my work email on my phone so teachers can get in touch if they need me. For years we've just used the outlook app with no real issues that I've noticed. We're seeing more and more micromanagement and it sucks. We recently got notice that we have to install Cisco Duo on our phones if we want to have our email on it. Should i do that? Or just say no and be ok with being out of contact?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] cm0002 15 points 2 months ago* (last edited 2 months ago) (1 children)

I work in IT and have implemented quite a few MDM systems. For Android, a work profile will be entirely isolated personal data wise. IT can't see anything beyond the work walls, however, there are a few shared things.

If work enforces a tougher screen lock setting, it'll take precedence over your regular lock screen setting. You might also have a few other things change while it's active, like display time out (if work has a shorter setting).

We can also see certain shared info like device serial number, IMEI number, OS version, security update version etc. Depending on the configuration, GPS/location info can be obtained as well (via an force-installed policy app for example)

You can pause the profile at anytime which suspends ALL work profile app activity (So if there was an app they install that they could get GPS info from, that app would no longer be functional until unpaused again (no it can't "run in the background" and collect info on the background either, it's wholly suspended)) and the pause feature can be set on a schedule so if you have a 9-5 you can set it to that and avoid the whole "always available" problem.

[โ€“] MattMatt 6 points 2 months ago (2 children)

I wish work profiles were more separate. My company's work profile ended up locking me out of my phone (including the personal profile) and forced me to wipe and start over with it. They disabled fingerprint unlock and required my unlock password to change monthly, and I got the periodic "you have to change your password NOW" notice while plugged into my car with Android Auto. I couldn't enter a new password and the phone never unlocked again.

I know, probably a super rare set of circumstances, but I'm not going to allow my work to root my phone again. They can buy me a phone if they need so much control.

[โ€“] [email protected] 6 points 2 months ago

Periodically rotating passwords is against NIST policy. Ask IT why the insist on using it when everyone, even the government, says it's insecure

[โ€“] [email protected] 1 points 2 months ago

Even hard shutdown and rebbot brought you into work profile?