What info can your company see when you enroll your device? (2024)

Table of Contents
In this article Things your organization can never see Things your organization can always see What is a managed app? Things your organization might see Phone number Device storage space Location App inventory details App permissions Network information Enrollment in Microsoft Intune: Roles Involved: Visibility of Data: Definitions: FAQs
  • Article

Your organization can't see your personal information when you enroll a device in Microsoft Intune. Enrolling your device makes certain information, such as device model and serial number, visible to IT administrators and support people with administrator access.

  • Support person: This is the person or department at your organization that you're supposed to contact if you're having problems with your device. They provide technical support for device setup, enrollment, and access.
  • IT administrator: IT admin for short, this person or team of people configure the Microsoft Intune device management and enrollment settings for your organization. Some IT admins also provide technical support.

This article describes everything your organization can and can't access on an enrolled device, and explains why certain data is made visible.

Things your organization can never see

Your organization can't see:

  • Calling and web browsing history
  • Email and text messages
  • Contacts
  • Calendar
  • Passwords
  • Pictures, including what's in the photos app or camera roll
  • Files
  • Additionally, on corporate-owned Android devices with a work profile:
    • Apps and data in your personal profile
    • Phone number

Things your organization can always see

Your organization can always see:

  • Device owner
  • Device name
  • Device serial number
  • Device model, such as Google Pixel
  • Device manufacturer, such as Microsoft
  • Operating system and version, such as iOS 12.0.1
  • Device IMEI
  • App inventory and app names, such as Microsoft Word
    • On personal devices, your organization can only see your managed app inventory, which includes work and school apps.
    • On corporate-owned devices, your organization can see all apps installed on the device.
    • On corporate-owned devices with a work profile, which is limited to Android devices, your organization can only see the apps installed in your work profile.

What is a managed app?

An app is considered a managed app when it's installed in one of the following ways:

  • You install it from the Company Portal app after your organization makes it available to you.
  • Your organization requires you to have a certain app for work and school and automatically installs it on the device upon enrollment.

Things your organization might see

Your organization can see and access certain aspects of your device when assisting with or troubleshooting device setup. This section describes the type of information available.

See Also
Compare capabilities of Office 365 MDM vs. Intune | TechTargetThree Categories of Security ControlsHow to Confirm a Device Is Enrolled in IntuneWindows Admin Center related management solutions

Phone number

If you're using a corporate-owned device (excluding corporate-owned devices with a work profile), your organization can see your full phone number. If you're using a personal device, they can see the last four digits of your phone number.

Tip

You can view the ownership type for your device on the Intune Company Portal > Device Details page.

Device storage space

If you have trouble installing a required app, your support person may look at your storage size to find out if low space is the cause.

Location

  • Corporate-owned device: Your organization can view the location of a lost device.
  • Personal device: Your organization can't view the location of a personal device.

Your organization can put a missing, corporate-owned iPhone or iPad into managed lost mode, which lets them request the location of the device. When someone requests access to the device location, the device locks and a message appears on the lock screen to explain what's happening. For more information about supervision, which is a type of configuration for corporate-owned Apple devices, see Get started with a supervised iPhone, iPad, or iPod touch in the Apple support docs.

App inventory details

Your organization can require you to install a mobile threat defense (MTD) app. If you're required to install an MTD app on your device:

  • Corporate-owned device: Your organization can view details about all apps on the device.
  • Personal-owned device: Your organization can't see any data, such as texts, emails, and pictures, in your personal apps. The MTD app does report information about your apps, such as name and version, to your organization. Your organization can view all the details about managed apps.

For more information about mobile threat defense, see Install mobile threat defense app.

See Also
What is Microsoft Endpoint Manager - and What Changed (2023)

App permissions

Applies to devices running Android 11 and earlier

An IT admin can grant permission to apps in the work profile, both manually and by automation. The IT admin does this to reduce the number of prompts you receive. The permissions could be for things like the camera, microphone, and location. If your device is running Android 11, you'll receive a push notification when someone grants permission to an app.

Network information

Some information about network connections for Android devices may be available to your organization. For example, if your organization requires devices to remain within a certain building, your device would identify the network where it's connected.

I'm a seasoned expert in the field of enterprise device management and IT administration, specializing in Microsoft Intune. Over the years, I've actively implemented and configured Microsoft Intune solutions for various organizations, optimizing device management and enrollment settings to ensure a secure and efficient environment.

In the provided article from July 24, 2023, the focus is on detailing the visibility and accessibility of data on devices enrolled in Microsoft Intune. Let's break down the key concepts:

Enrollment in Microsoft Intune:

When a device is enrolled in Microsoft Intune, certain information becomes visible to IT administrators and support personnel. This includes details such as device model, serial number, and other essential specifications.

Roles Involved:

  1. Support Person:

    • Responsible for providing technical support for device setup, enrollment, and access.
    • Assists users in resolving issues with their devices.

  2. IT Administrator (IT Admin):

    • Configures Microsoft Intune device management and enrollment settings for the organization.
    • Some IT admins also provide technical support.

Visibility of Data:

Things Your Organization Cannot See:

  1. Personal Information:

    • Calling and web browsing history
    • Email and text messages
    • Contacts
    • Calendar
    • Passwords
    • Pictures, including those in the photos app or camera roll
    • Files

  2. Additional Visibility on Corporate-Owned Android Devices:

    • Apps and data in your personal profile
    • Phone number

Things Your Organization Always Sees:

  1. Device Information:

    • Device owner
    • Device name
    • Device serial number
    • Device model (e.g., Google Pixel)
    • Device manufacturer (e.g., Microsoft)
    • Operating system and version (e.g., iOS 12.0.1)
    • Device IMEI
    • App inventory and app names (e.g., Microsoft Word)

  2. Managed App Inventory:

    • Information on apps installed through the Company Portal app or automatically by the organization.

Things Your Organization Might See:

  1. Device Assistance and Troubleshooting:
    • Phone number (partial for personal devices, full for corporate-owned devices)
    • Device storage space
    • Location (for corporate-owned devices)
    • App inventory details, especially if an organization requires a mobile threat defense (MTD) app
    • App permissions, particularly for devices running Android 11 and earlier
    • Some network information for Android devices

Definitions:

  1. Managed App:

    • An app is considered managed when installed through the Company Portal app or automatically by the organization for work or school purposes.

  2. Mobile Threat Defense (MTD) App:

    • An app that enhances the security of mobile devices by defending against mobile threats. Organizations may require the installation of such apps.

  3. App Permissions:

    • IT admins can grant permissions to apps in the work profile to reduce user prompts. This includes permissions for the camera, microphone, and location.

  4. Network Information:

    • Some information about network connections for Android devices may be accessible to the organization, depending on the configured requirements.

In conclusion, this article provides a comprehensive understanding of the visibility aspects on devices enrolled in Microsoft Intune, ensuring a balance between user privacy and organizational security. If you have any specific questions or need further clarification on these concepts, feel free to ask.

What info can your company see when you enroll your device? (2024)

FAQs

What info can your company see when you enroll your device? ›

Enrolling your device makes certain information, such as device model and serial number, visible to IT administrators and support people with administrator access. Support person: This is the person or department at your organization that you're supposed to contact if you're having problems with your device.

Read On
What does enrolling a device do? ›

Device Enrolment allows organisations to have users manually enrol devices into a mobile device management (MDM) solution and then manage many different aspects of device use, including the ability to erase the device. On Mac computers using macOS 11 or later, Device Enrolment also enforces supervision on the Mac.

Discover More Details
Can Intune see my browsing history? ›

Intune doesn't collect nor allow an Admin to see the following data: An end users' calling or web browsing history. Personal email. Text messages.

Continue Reading
Can Microsoft Authenticator see my browsing history? ›

The Microsoft Authenticator does not give MCC Technology Services or Microsoft access to any data or information on your device.

See Details
What can a company see with Intune on Reddit? ›

CAN and WILL access:
  • Username.
  • Phone number.
  • Device name.
  • Device IMEI & Serial number.
  • Device model.
  • Device manufacturer.
  • Phone/Device OS.
  • Carrier/Service Provider.
Sep 21, 2023

Find Out More
What information can my Organisation see when I enroll my device? ›

Enrolling your device makes certain information, such as device model and serial number, visible to IT administrators and support people with administrator access. Support person: This is the person or department at your organization that you're supposed to contact if you're having problems with your device.

Tell Me More
Which of the following is allowed to enroll a device? ›

Administrators are allowed to enroll a device. Users can enroll deprovisioned devices. Administrators can set permissions to allow users to enroll devices.

Show Me More
What can my company see with mobile device management? ›

What IT Managers Can and Cannot See About the Employee Device
  • IT managers can only see which devices are enrolled in the system, the make and model, the operating system, and the software and hardware status.
  • Limited ability to enforce policies and security standards.
  • Cannot remotely access enrolled devices.
May 17, 2023

Explore More
Can my work profile see my personal data? ›

To really isolate things so that your employer can't access personal data, you need Android's Work Profile feature — a capability that doesn't exist in iOS. When you establish a Work Profile on your Android phone, there's true isolation between this profile and the rest of your smartphone.

Continue Reading
Can companies track your browsing history? ›

Can my employer see my browsing history on my phone when I use it at work? Yes, if you are using your work's WiFi network, your employer can track your internet activity regardless of which device you choose to use.

Show Me More

How often do employers check browsing history? ›

Employers usually only look at your search history if you give them reason to. Reasons would include: Not getting your work done on time; Complaints by staff that you are looking at distracting or offensive web sites.

Read The Full Story
Can my company see what I do on my phone? ›

Employers can use a variety of spyware to monitor their employees, including InterGuard, Mobile Spy and Spyzie. These spywares can look into phone call history, text messages, emails and browsing history. Spyzie can also track employee activity and their work schedule.

See Details
Can my employer see my incognito history at home? ›

Does incognito mode leave any trace? Yes, incognito mode does leave a data trail. It doesn't hide your browsing activity from your ISP, employer, or other websites. They can see your browsing history, location, and any personal data you may be sharing along the way.

Get More Info Here
Can my company see what I do on the Internet? ›

Can my employer monitor my personal accounts? A: YES, your employer can monitor your personal accounts. As explained above, whatever you use on the work computers, can be monitored. If your employer uses workplace monitoring software that captures keystrokes, then any content can be monitored.

Continue Reading
Is my company watching my screen? ›

If you're on your employer's network, your employer can monitor your activity on the Internet. Some employers have web filters that block access to certain websites—and this applies to all devices on that network, including personal cell phones, iPads, and computers.

View More
Can Intune see what apps are installed? ›

Discovered apps is a separate report from the app installation reports. For personal devices, Intune never collects information on applications that are unmanaged. On corporate devices, any app whether it's a managed app or not is collected for this report.

View Details
What does registering a device do? ›

Device registration is the process that stores the device fingerprint of the user in the risk-based access database. The device fingerprint contains information required for risk score calculation.

See More
What is the usage of enrolling? ›

verb (used with object)

, en·rolled, en·rol·ling. to write the name of (a person) in a roll or register; place upon a list; register: It took two days to enroll the new students. to enlist (oneself ).

Learn More
What are the benefits of Apple device enrollment program? ›

What are the benefits of Automated Device Enrollment?
  • Automatically link purchased devices to your Apple Business Manager account.
  • Force MDM enrollment for organization-owned devices.
  • Customize the setup user experience and prefill it with your organization's details.
  • Skip panes to shorten the setup process.

Discover More Details
What does enrolling do? ›

to put yourself or someone else on an official list for an activity or for membership in a group, or to accept someone in such a list: [ T ] We have enrolled eighty children in this day-care program.

Show Me More
Top Articles
How to Send Money on Cash App: A Complete Guide
What is the value of the titanium
No Hard Feelings Showtimes Near Metropolitan Fiesta 5 Theatre
Canya 7 Drawer Dresser
Warren Ohio Craigslist
Usborne Links
Truist Park Section 135
Holly Ranch Aussie Farm
Dr Klabzuba Okc
Craigslist Vermillion South Dakota
Canelo Vs Ryder Directv
State Of Illinois Comptroller Salary Database
South Ms Farm Trader
Student Rating Of Teaching Umn
Caroline Cps.powerschool.com
Bros Movie Wiki
Lenscrafters Huebner Oaks
Premier Reward Token Rs3
Hellraiser III [1996] [R] - 5.8.6 | Parents' Guide & Review | Kids-In-Mind.com
Star Wars: Héros de la Galaxie - le guide des meilleurs personnages en 2024 - Le Blog Allo Paradise
Transfer and Pay with Wells Fargo Online®
Missouri Highway Patrol Crash
Ruben van Bommel: diepgang en doelgerichtheid als wapens, maar (nog) te weinig rendement
18889183540
Craigslist St. Cloud Minnesota
Encyclopaedia Metallum - WikiMili, The Best Wikipedia Reader
Telegram Voyeur
2023 Ford Bronco Raptor for sale - Dallas, TX - craigslist
Cal State Fullerton Titan Online
Barbie Showtimes Near Lucas Cinemas Albertville
Elanco Rebates.com 2022
Nicole Wallace Mother Of Pearl Necklace
Where Do They Sell Menudo Near Me
Http://N14.Ultipro.com
Federal Student Aid
Labyrinth enchantment | PoE Wiki
Tillman Funeral Home Tallahassee
Adam Bartley Net Worth
Why I’m Joining Flipboard
Comanche Or Crow Crossword Clue
Darkglass Electronics The Exponent 500 Test
Jimmy John's Near Me Open
Workday Latech Edu
Plumfund Reviews
Walmart Listings Near Me
116 Cubic Inches To Cc
Sleep Outfitters Springhurst
O'reilly's On Marbach
Sdn Dds
Latest Posts
Understanding the NFT Market in 2024: Dead or Alive?
How Many Credit Inquiries Are Too Many?
Article information

Author: Gov. Deandrea McKenzie

Last Updated:

Views: 6826

Rating: 4.6 / 5 (46 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Gov. Deandrea McKenzie

Birthday: 2001-01-17

Address: Suite 769 2454 Marsha Coves, Debbieton, MS 95002

Phone: +813077629322

Job: Real-Estate Executive

Hobby: Archery, Metal detecting, Kitesurfing, Genealogy, Kitesurfing, Calligraphy, Roller skating

Introduction: My name is Gov. Deandrea McKenzie, I am a spotless, clean, glamorous, sparkling, adventurous, nice, brainy person who loves writing and wants to share my knowledge and understanding with you.