MobileIron on BYOD
#16
FlyerTalk Evangelist
Join Date: Feb 1999
Location: Seat 1A, Juice pretty much everywhere, Mucci des Coins Exotiques
Posts: 34,339
IT policy at many corporations overly restricts intelligent users to protect the company against stupid users. They ought to not allow unrestricted email to the dumb ones, but that never happens in big companies.
#17
Join Date: Jun 2007
Location: gggrrrovvveee (ORD)
Programs: UA Pt, Marriott Ti, Hertz PC
Posts: 6,091
If you're sure your company doesn't have a policy, by all means, do what you want with your email. But if they are using MobileIron or some other MDM protocol, chances are high that they do have such a policy.
#18
Join Date: Nov 2006
Location: Detroit; Formerly Dubai
Posts: 3,652
This might sound completely "a** backwards," and would require you to be an otherwise high performing individual, but has anyone considered saying: "I don't want a company phone." I'll just check the mail on my company laptop when I get back to my room at night. I have a friend who is a high performing lawyer at a 500 attorney law firm who did just that and is now actually giving speeches about the need to be less connected.
#19
Join Date: Dec 2010
Location: DEL
Posts: 1,057
The quick answer is to ask your IT department. The amount of access they have to your device varies from almost none to total lockdown depending on how they've set it up.
The MobileIron client is relatively transparent and straightforward--it lists what access your IT department has. Mine can see what apps are on the device, get its location, turn off roaming, change the password, and wipe the device remotely. I suspect BYOD would have less access, but this phone belongs to my employer.
The policy (Settings, General, Device Management, [name of policy]) itself also lists all the restrictions. For example, my work iPhone has a password complexity requirement (no PIN), can't back up to iCloud and I can't download "Erotica" from the app store, among other restrictions.
The MobileIron client is relatively transparent and straightforward--it lists what access your IT department has. Mine can see what apps are on the device, get its location, turn off roaming, change the password, and wipe the device remotely. I suspect BYOD would have less access, but this phone belongs to my employer.
The policy (Settings, General, Device Management, [name of policy]) itself also lists all the restrictions. For example, my work iPhone has a password complexity requirement (no PIN), can't back up to iCloud and I can't download "Erotica" from the app store, among other restrictions.
#20
This might sound completely "a** backwards," and would require you to be an otherwise high performing individual, but has anyone considered saying: "I don't want a company phone." I'll just check the mail on my company laptop when I get back to my room at night. I have a friend who is a high performing lawyer at a 500 attorney law firm who did just that and is now actually giving speeches about the need to be less connected.
The quick answer is to ask your IT department. The amount of access they have to your device varies from almost none to total lockdown depending on how they've set it up.
The MobileIron client is relatively transparent and straightforward--it lists what access your IT department has. Mine can see what apps are on the device, get its location, turn off roaming, change the password, and wipe the device remotely. I suspect BYOD would have less access, but this phone belongs to my employer.
The policy (Settings, General, Device Management, [name of policy]) itself also lists all the restrictions. For example, my work iPhone has a password complexity requirement (no PIN), can't back up to iCloud and I can't download "Erotica" from the app store, among other restrictions.
The MobileIron client is relatively transparent and straightforward--it lists what access your IT department has. Mine can see what apps are on the device, get its location, turn off roaming, change the password, and wipe the device remotely. I suspect BYOD would have less access, but this phone belongs to my employer.
The policy (Settings, General, Device Management, [name of policy]) itself also lists all the restrictions. For example, my work iPhone has a password complexity requirement (no PIN), can't back up to iCloud and I can't download "Erotica" from the app store, among other restrictions.
FDW
#21
Join Date: Jun 2007
Location: gggrrrovvveee (ORD)
Programs: UA Pt, Marriott Ti, Hertz PC
Posts: 6,091
I'm not the highest performing individual but that is definitely an option for me, really without any repercussions.
Thanks! this is the information that I really wanted. I emailed the head of the IT department last week and asked for the BYOD policy and exactly how they plan on deploying MobileIron on personal devices. Maybe this should be indicative of our IT department but I haven't heard anything back from them at all.. it kind of feels like they are making things up as they go...
FDW
Thanks! this is the information that I really wanted. I emailed the head of the IT department last week and asked for the BYOD policy and exactly how they plan on deploying MobileIron on personal devices. Maybe this should be indicative of our IT department but I haven't heard anything back from them at all.. it kind of feels like they are making things up as they go...
FDW
#22
So they finally came through on cutting off my access via my mobile, requiring mobile iron. My colleagues who've installed mobile iron on their devices have had nothing but trouble and IT can't figure out why (deleting of contacts, personal contacts and calendars synced to their exchange accounts. One has even had access to the App Store limited). It's been a gigantic cluster and it seems that IT doesn't really have it sorted out. So far though I figured out they have blocked active sync support so have been able to continue using my email on my phone by using a EWS client.
Fdw
Fdw
Last edited by FlyingDoctorwu; Apr 28, 2017 at 7:12 pm
#23
Join Date: Jul 2008
Location: K+K
Programs: *G
Posts: 4,866
it hasnt been that terrible except we have to use the Email+ client which is a gigantic turd and i have some issues with some mails that keep staying on my email+ client but theyre not on exchange server...cant delete them or move them... they keep staying persistent. i dont wanna bother reinstalling mobileiron profile
#24
Join Date: Sep 2010
Location: City of Angels
Programs: DL Kettle| HH Pot
Posts: 525
My company provides devices (iPhone 5s) and supports a BYOD policy (as well as own cellular provider). For years the company provided devices have been delivered with MobileIron installed. Those of us that BYOD have had access to the exchange service via the built in email client. Now, however, they would like the BYOD users to install MobileIron on our personal devices to access the exchange service and will be suspending access to non-MobileIron users... here's my questions...
1) does anyone have any experience with MobileIron on a BYOD device. My company is telling me that it will enable the auto lock function and passcode function as well as allow them to delete corporate emails. I fear/think that it will allow them to do more.
2) does anyone know any iOS mail clients that spoof a desktop connection or client? we will still have access via desktop clients.
thanks
FDW
1) does anyone have any experience with MobileIron on a BYOD device. My company is telling me that it will enable the auto lock function and passcode function as well as allow them to delete corporate emails. I fear/think that it will allow them to do more.
2) does anyone know any iOS mail clients that spoof a desktop connection or client? we will still have access via desktop clients.
thanks
FDW
#25
Join Date: Feb 2005
Location: Munich, Germany
Programs: UA*S, TK*G, BA G
Posts: 361
MobileIron is a really good system with a clear structure and excellent features. It's no surprise that it's the de facto standard for MDM systems.
That said, I don't recommend using it for personal devices because it is too intrusive. At the company for which I work, we use the former Good for Enterprise (now part of the Blackberry family) to provide a lightweight container for personal devices to be able to access PIM data.
Also, please don't follow stimpy's lead. Whether or not you have a corporate IT policy in place, forwarding your company e-mail (including possible trade secrets) to a third party hosting service is a terrible idea in terms of legal liability. I wouldn't even forward to a private server I have set up on my own box within a network I fully control, much less a service like Gmail which actively parses and analyzes incoming and outgoing e-mails.
That said, I don't recommend using it for personal devices because it is too intrusive. At the company for which I work, we use the former Good for Enterprise (now part of the Blackberry family) to provide a lightweight container for personal devices to be able to access PIM data.
Also, please don't follow stimpy's lead. Whether or not you have a corporate IT policy in place, forwarding your company e-mail (including possible trade secrets) to a third party hosting service is a terrible idea in terms of legal liability. I wouldn't even forward to a private server I have set up on my own box within a network I fully control, much less a service like Gmail which actively parses and analyzes incoming and outgoing e-mails.
#26
Join Date: May 2003
Location: Cleveland, OH
Programs: UA-GS 1MM), Hertz Pres Circle, Starriott Titanium)
Posts: 1,966
What might be better is to setup forwarding from your exchange account to your personal email, or create a new gmail account just for your work emails. Then you can easily access your email on your personal device. Of course you won't be able to send email from your work domain, but maybe you can work around that.
#27
Join Date: Feb 2013
Location: Hilton, Hyatt House, Del Taco
Posts: 5,378
Is company tracking your location?
I know there's variability in this from company to company, but how common a practice is it for an employer to keep track of your whereabouts through an app like MobilIron beyond the stated purpose of just helping us find the device if lost?
I'm forced to have this MobileIron app on my phone now for work. It's set to allow my employer access to knowing the device location.
I have to have work access through my phone 24/7, which requires installing work-related app suite on my phone that necessarily includes this MobileIron.
The other option is to possess a company-owned phone, but I refuse to carry two phones.
I'm forced to have this MobileIron app on my phone now for work. It's set to allow my employer access to knowing the device location.
I have to have work access through my phone 24/7, which requires installing work-related app suite on my phone that necessarily includes this MobileIron.
The other option is to possess a company-owned phone, but I refuse to carry two phones.
#29
Join Date: Feb 2013
Location: Hilton, Hyatt House, Del Taco
Posts: 5,378
In order to do the work I’m required to do when I’m away from work or home, I have to have this suite of apps installed on my phone and MobileIron is part of it.
#30
Join Date: Dec 2010
Location: DEL
Posts: 1,057
Not all MobileIron installations--even those that want tracking access--will take any action if you remove the app's location privileges. You don't know until you try...
If your employer does require location privileges (i.e. will block your device until you give the app location access), then you really only have two options:
As for how often companies use it, there are as many answers as there are companies. Theoretically anyone with access to the console can locate your phone whenever they want, and MobileIron doesn't notify you that it's pulled your location like Find My iPhone or Android Device Manager.
MobileIron also allows remote wipe. I've gotten burned by that one--an incompetent IT person was trying to wipe an iPhone I had turned in (and wiped before doing so--which is our policy) and remotely wiped my work phone on a Friday night before I left for a week-long business trip.
My personal take on it is that if my employer wants to know where a device is and have the ability to wipe it, he can pay for it. There is absolutely no way I would let anyone but myself have the ability to wipe my personal phone remotely.
If your employer does require location privileges (i.e. will block your device until you give the app location access), then you really only have two options:
- Assume that your employer can see where your personal phone is, or
- Make your employer buy you a work phone, and leave it behind when you're not working
As for how often companies use it, there are as many answers as there are companies. Theoretically anyone with access to the console can locate your phone whenever they want, and MobileIron doesn't notify you that it's pulled your location like Find My iPhone or Android Device Manager.
MobileIron also allows remote wipe. I've gotten burned by that one--an incompetent IT person was trying to wipe an iPhone I had turned in (and wiped before doing so--which is our policy) and remotely wiped my work phone on a Friday night before I left for a week-long business trip.
My personal take on it is that if my employer wants to know where a device is and have the ability to wipe it, he can pay for it. There is absolutely no way I would let anyone but myself have the ability to wipe my personal phone remotely.
Last edited by der_saeufer; Nov 9, 2020 at 5:29 am