
Company Portal Windows 10 Company Portal
When mobile device management is being used there are often concerns by end users about what the company can see on their mobile devices. For most people the concerns are around private information such as text messages and photos, while others are concerned about the level of control that the company gets over their device. For the purposes of this blog post I’m going to be looking at Microsoft Intune, but other MDM solutions will have similar capabilities and if you want to know about those then you should investigate that further with your MDM vendor of choice.
Those two types of concerns can be addressed separately, but before I go into that in more detail I just want to point out that this is not a purely technical problem to solve. Mobile device management requires a level of trust between the end users in your organization and the people responsible for managing the MDM platform.
There also need to be reasonable policies in place to reduce the risk of administrative error (or malicious action) causing a data loss or breach of privacy for the user of a managed device. This means that you should have, at a minimum:
A real one, written by humans and only partially mangled by lawyers. The goal is to have a document that your users will actually read, understand, and willingly sign (or reject), and not just a formality that gets signed and filed away somewhere to cover your butt in the event of a problem later.
A limited number of trusted and trained administrators who can manage the sensitive and impactful elements of the MDM solution (e.g. able to configure policies, access inventory data, etc).
Privacy advocates from the user population who can review and understand the level of control and access that the MDM solution provides over managed devices.
So with all that in mind, let’s look at an example of what Microsoft Intune knows about an iOS device that has been enrolled.
[Image: Privacy notice displayed to iOS users enrolling in Intune]
As you can see the privacy notice is fairly clear about what the Intune administrators can see – model, serial number, OS, app names, owner, device name. Intune admins can’t see phone call history, web surfing history, location information (except for iOS 9.3 and later devices when the device is in Lost Mode), email and text messages, contacts, passwords, calendar, and camera roll.
So, is it as simple as that? Not really. There are some extra considerations to apply here that I think are pretty important. Let’s start with device information.
My demo device is an iPad with no SIM card inserted, so there is no phone number reported. If a SIM was present, the last four digits of the phone number would be visible. That is the case for any personal device, which is what a newly enrolled device is classified as by default. If you change the device ownership to corporate (more on this shortly), the full number becomes visible.
Another implication of personal vs corporate devices is the discovered apps. For personal devices there is no app inventory collected, except for the Company Portal app that is used to manage enrolment on the device.
[Image: Intune app inventory for a personal iOS device]
An Intune administrator can change the device ownership from personal to corporate in the Intune admin portal.
There are two potential issues here that you need to be aware of. The first is the implications for device phone numbers being exposed to Intune administrators. Just because a user consents to having their device managed, doesn’t mean they want their phone number disclosed, and it’s not clear from the privacy notice during enrolment that this will actually occur.
The fact that corporate devices get a complete app inventory (for Windows 10 this only applies to Windows Store apps, not Win32 apps) is addressed in the privacy warning shown to users. The actual consequences of this may not entirely be clear. App inventory can reveal a lot about a person, even if the actual data within the apps is not exposed (which it isn’t). You could try to argue that a user shouldn’t be using apps that might reveal such private matters on a corporate device, which is a fair point. But remember, a personal device that is enrolled in Intune can be changed to a corporate device without the knowledge of the device owner.
The trust between your users and Intune administrators is key, and you should ensure that only the appropriate people in your IT support teams have access to this potentially sensitive data in Intune.
There are a few more things to be aware of when devices are enrolled in Intune. In an earlier screenshot you can see controls for Intune administrators to:
Remove company data – this will remove corporate data from managed apps such as Outlook and OneDrive, but leave personal data such as photos and text messages alone.
Factory reset – this will wipe the device entirely, restoring it to a default state. If the user does not have backups of their personal data then it will be permanently lost.
Delete – this will remove the device from Intune, but not remove data from the device.
It takes just a few moments for the device to lock, but anyone with the device PIN/passcode can unlock it again.
Hidden in a “More” menu are some additional actions that Intune administrators can take.
[Image: Additional device administration actions in Intune]
Remove passcode – removes the device passcode, allowing anyone who has physical access to the device to access the apps and data on the device.
Bypass activation lock – used to recover devices where the previous owner has not relinquished control of iOS before they handed back the device (e.g. a corporate owned device that will be re-issued to another staff member may require the activation lock to be bypassed).
Lost mode/Locate device – when an iOS 9.3 or later device is in lost mode an administrator can access a limited amount of location data to try and find it.
Of all those administrative actions the ones of concern to end users are factory reset, which could result in permanent data loss, and remove passcode.
Well… let’s just say that a previous case I investigated involved a… complicated relationship…er, triangle… of sorts… anyway, an admin helped another person gain access to a device belonging to a third person they were trying to snoop on for some rather unhinged reason. Moving on.
For any of those device actions you can see a list of who did what in the Intune monitoring section. This is not quite full-blown auditing for Intune, which is something Microsoft says they’re working on, but at least you should be able to identify any administrators who are doing the wrong thing (intentionally or otherwise).
But there’s a lot of control given to Intune administrators that could lead to more invasive snooping, or even more destructive actions. Which brings us back to my earlier point that most of this stuff is not a technical problem to be solved, rather it is a trust issue between the device user and the organization (and their IT support staff). Frankly I think it’s a reasonable trade-off. Companies trust their staff not to act in a way that is harmful, and staff need to be able to trust the organization to manage their mobile devices appropriately.

