Today I learned about a feature of ActiveSync https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/exchange-activesync/remote-wipe-on-mobile-phone#use-outlook-on-the-web-to-wipe-a-users-phone. Allegedly administrators can wipe full devices from remote. Let’s say I use MS Outlook for Android or Nine as an ActiveSync-capable email program on /e/OS and the administrator activates wipe…will this really happen? And if yes? Why, the hell?
Maybe you should use Shelter to separate business and private apps on your phone.
This depends on how the MDM is set up in Azure / Intune. Is the device BYOD? If yes, then there’s two separate profile - personal and work profile. The employee still owns the phone and it’s their property. So this way, when an administrator wipes the phone remotely, it only wipes the data on the work profile and everything work-related. The personal profile stays untouched. The administrators can’t even access personal data on the phone.
If the phone is fully MDM managed, then this means the phone belongs fully to the company which provided it. There is no personal and work profile. So remote wipe causes the phone to delete all data, apps and accounts on the phone (in a nutshell factory reset). Or the administrator can still choose to wipe the account only which means that only the corporate data, apps and other corporate-related stuff gets deleted but everything else stays.
You can also enroll a user device, for some companies it is mandatory to connect to their O365 instance.
Not sure enrollment will work in work profile with Shelter, never tried …
Thanks to everybody for contribution. But the background of my question is why some remote organisation can wipe my phone when I use a degoogled operating system like /e/, My expectation is that I have control over my phone.
You have control over your phone but you absolutely do not have control over corporate data which might be stored there. That’s the difference. Such data does not belong to you but belong to the organisation you work for. Doesn’t matter which ROM you’re using be it GrapheneOS, CalyxOS, /e/os, LineageOS or for example a stock ROM.
As I have said - your private data stays there even after a remote wipe (in cases where it’s BYOD). The only difference is for the corporate data.
This topic was automatically closed after 30 days. New replies are no longer allowed.