stimpy

If it is technically possible (i.e. not blocked), it's up to the user to decide if they want to do that. And every company I've worked for allows that. But I work at tech companies mostly and their users are a bit more advanced.

IT policy at many corporations overly restricts intelligent users to protect the company against stupid users. They ought to not allow unrestricted email to the dumb ones, but that never happens in big companies.

gobluetwo

If the company has a policy around this, then it really isn't up to the user to decide to do that. Or, put another way, it is up to the user to decide if he wants to willfully and repeatedly violate this company policy. It may carry with it varying levels of consequence, but it could easily rise to the level of being a fireable offense in some organizations or depending on the content of the emails. I wouldn't do it.

If you're sure your company doesn't have a policy, by all means, do what you want with your email. But if they are using MobileIron or some other MDM protocol, chances are high that they do have such a policy.

Dubai Stu

This might sound completely "a** backwards," and would require you to be an otherwise high performing individual, but has anyone considered saying: "I don't want a company phone." I'll just check the mail on my company laptop when I get back to my room at night. I have a friend who is a high performing lawyer at a 500 attorney law firm who did just that and is now actually giving speeches about the need to be less connected.

der_saeufer

The quick answer is to ask your IT department. The amount of access they have to your device varies from almost none to total lockdown depending on how they've set it up.

The MobileIron client is relatively transparent and straightforward--it lists what access your IT department has. Mine can see what apps are on the device, get its location, turn off roaming, change the password, and wipe the device remotely. I suspect BYOD would have less access, but this phone belongs to my employer.

The policy (Settings, General, Device Management, [name of policy]) itself also lists all the restrictions. For example, my work iPhone has a password complexity requirement (no PIN), can't back up to iCloud and I can't download "Erotica" from the app store, among other restrictions.

FlyingDoctorwu

I'm not the highest performing individual but that is definitely an option for me, really without any repercussions.

Thanks! this is the information that I really wanted. I emailed the head of the IT department last week and asked for the BYOD policy and exactly how they plan on deploying MobileIron on personal devices. Maybe this should be indicative of our IT department but I haven't heard anything back from them at all.. it kind of feels like they are making things up as they go...

FDW

gobluetwo

Depending on how big your company is, the head of IT may not see replying to standard inquiries as his job. Try someone at a lower level, like a local IT guy or even your IT support line.

FlyingDoctorwu

So they finally came through on cutting off my access via my mobile, requiring mobile iron. My colleagues who've installed mobile iron on their devices have had nothing but trouble and IT can't figure out why (deleting of contacts, personal contacts and calendars synced to their exchange accounts. One has even had access to the App Store limited). It's been a gigantic cluster and it seems that IT doesn't really have it sorted out. So far though I figured out they have blocked active sync support so have been able to continue using my email on my phone by using a EWS client.

Fdw

deniah

it hasnt been that terrible except we have to use the Email+ client which is a gigantic turd and i have some issues with some mails that keep staying on my email+ client but theyre not on exchange server...cant delete them or move them... they keep staying persistent. i dont wanna bother reinstalling mobileiron profile

EmptyKim

I believe Exchange Activesync can do all this. Not sure what additional controls your company is trying to implement on BYODs.

tnmlyger

MobileIron is a really good system with a clear structure and excellent features. It's no surprise that it's the de facto standard for MDM systems.

That said, I don't recommend using it for personal devices because it is too intrusive. At the company for which I work, we use the former Good for Enterprise (now part of the Blackberry family) to provide a lightweight container for personal devices to be able to access PIM data.

Also, please don't follow stimpy's lead. Whether or not you have a corporate IT policy in place, forwarding your company e-mail (including possible trade secrets) to a third party hosting service is a terrible idea in terms of legal liability. I wouldn't even forward to a private server I have set up on my own box within a network I fully control, much less a service like Gmail which actively parses and analyzes incoming and outgoing e-mails.

LordHamster

Unless you are the Secretary of State and/or a Presidential candidate, that kind of thing can get you fired.

evergrn

I know there's variability in this from company to company, but how common a practice is it for an employer to keep track of your whereabouts through an app like MobilIron beyond the stated purpose of just helping us find the device if lost?

I'm forced to have this MobileIron app on my phone now for work. It's set to allow my employer access to knowing the device location.
I have to have work access through my phone 24/7, which requires installing work-related app suite on my phone that necessarily includes this MobileIron.
The other option is to possess a company-owned phone, but I refuse to carry two phones.

ajGoes

How about setting your work phone to forward to your personal phone? You could leave the work phone at home. You might want to set your personal phone to mask its number for caller ID.

evergrn

It’s not so much the calls and emails.
In order to do the work I’m required to do when I’m away from work or home, I have to have this suite of apps installed on my phone and MobileIron is part of it.

der_saeufer

Not all MobileIron installations--even those that want tracking access--will take any action if you remove the app's location privileges. You don't know until you try...

If your employer does require location privileges (i.e. will block your device until you give the app location access), then you really only have two options:

1. Assume that your employer can see where your personal phone is, or
2. Make your employer buy you a work phone, and leave it behind when you're not working

On iOS 14, you can also deny access to the precise location, allowing your phone to be tracked to a neighborhood (roughly) but not a particular building.

As for how often companies use it, there are as many answers as there are companies. Theoretically anyone with access to the console can locate your phone whenever they want, and MobileIron doesn't notify you that it's pulled your location like Find My iPhone or Android Device Manager.

MobileIron also allows remote wipe. I've gotten burned by that one--an incompetent IT person was trying to wipe an iPhone I had turned in (and wiped before doing so--which is our policy) and remotely wiped my work phone on a Friday night before I left for a week-long business trip.

My personal take on it is that if my employer wants to know where a device is and have the ability to wipe it, he can pay for it. There is absolutely no way I would let anyone but myself have the ability to wipe my personal phone remotely.