Your Trade Unions cN legally block someone from securing their information when someone else runs off with it?
That sounds backwards and broken. Such is law.
So what's your plan?
Realistically, I don't see Microsoft removing the remote wipe option from Exchange just because you don't trust your company to use the option in a responsible manner.
I work as the Network Administrator for a Rural Health Clinic and it clearly states in our Electronics Usage Agreement that every employee signs that if your phone or other mobile device receives any work information, including emails, that the device is therefore subject to company viewing at any time even without prior notice or warning. It also explains that the device, if thought necessary, can be wiped in either part or whole due to potential sensitive materials being seen, used or saved onto your device. This is very widely used and implemented in corporate settings, especially within health care organizations.
You can try using Divide (http://www.divide.com/) or perhaps set up some sort of forwarding of (some) work email to another non-work address that you can then check (if that's allowed).Right, this thread has made me delete both my work accounts of my phone. So I guess I'll never be checking my work emails again
It seems the thread was originally focused more on why the phone wouldn't notify you that now certain additional remote controls and/or other policies were being added/enacted on your phone when you were adding an Exchange account with such policies--seems like it'd be fairly straightforward for the phone to let you know of that at least. As well as why wouldn't the work notify you of that either--which is more of an individual thing based on the job and the IT department and all that.Reading this thread: what the heck is wrong with some of you?
Yeah, your device can be wiped. That is how it was designed. This isn't new. This is a failsafe.
Remove your work account? What kind of idiotic place do you work at that you're afraid of people randomly erasing your device for no apparent reason? Do you think this is a common thing, to have your device randomly erased??
Also, have you not heard of backups? My work can wipe my phone all they want. I won't lose anything. This is also how it has been designed.
Look, if your phone is lost or stolen, you want it wiped so that no one can get to your stuff.
If you physically possess the phone, getting "wiped" doesn't matter. You can simply put stuff right back on it.
If you're not backing up, you're a fool.
If you think it's a problem that your employer doesn't have the right to wipe their property that you chose to put on your device, you're a fool.
The "I just removed my work email account" mentality doesn't make sense. What kind of stupid **** are you doing with your phone or work data that you're afraid of?
gives them access to the rest of the phone.
false
I use my personal phone to access my work email and calendar through our Exchange Server
Your first mistake.
this apparently gives my IT Department the ability to completely wipe my iPhone remotely.
Correct, well known, publicized and documented.
Shouldn't iOS notify me that this is a possibility?
It's your account, with your credentials, you are specifically adding this service to your handset. You should know the terms.
what else can my employer see on my personal iPhone?
Nothing. Where did you get that idea?
Try http://www.divide.com/ to authenticate to Exchange for work. Then all they can wipe is the content of the app.
FWIW, here's a list from Apple showing everything that they allow MDMs (like AirWatch) to "see" on your device.Actually, they can. My company uses AirWatch MDM. They can see what you do, erase your phone, etc. Corporate owned or personal.
Querying Devices
In addition to configuration, an MDM server has the ability to query devices for a variety of information. This information can be used to ensure that devices continue to comply with required policies.
Supported queries
Device information
Unique Device Identifier (UDID)
Device name
iOS and build version
Model name and number
Serial number
Capacity and space available
IMEI
Modem firmware
Battery level
Supervision status
Network information
ICCID
Bluetooth® and Wi-Fi MAC addresses
Current carrier network
Subscriber carrier network
Carrier settings version
Phone number
Data roaming setting (on/off)
Compliance and security information
Configuration Profiles installed
Certificates installed with expiry dates
List all restrictions enforced
Hardware encryption capability
Passcode present
Applications
Applications installed (app ID, name, version, size, and app data size)
Provisioning Profiles installed with expiry dates
I still wonder why with all the built-in usability into the iPhone that the phone (the OS) can't at least show you a notification when you are adding an account of such type where it would allow for some remote control of your phone (even if that control was never to be used). The phone seems to know of it, so why not show even a generic notice with a simple OK button at least to tell the user.Yep, and it is at this point that I reiterate my previous two points.
1. Most businesses / IT Departments don't notify their users of this feature because they have no intention of using it, and apparently, some tech folks didn't even know it existed. I'm pretty sure you're fine.
2. If you're really worried, bake your IT guys cookies. It's a well-known fact that cookies keep all IT folks from randomly wiping devices. If you don't believe me, ask your IT staff, and I'm sure they would confirm my story. Well, a few oddballs have been rumored to want cake instead, but those cases were never independently confirmed.
You can try using Divide (http://www.divide.com/) or perhaps set up some sort of forwarding of (some) work email to another non-work address that you can then check (if that's allowed).
Agreed. I think someone mentioned earlier in this thread that Android gives users that notice.The phone seems to know of it, so why not show even a generic notice with a simple OK button at least to tell the user.
It is based on policy's as mentioned by another poster.
When you setup work email on your personal device like a phone or tablet, your phone agrees to the rules put in place on the mail server set forth by your IT dept.
I do the same thing here for our company. I have rules in place that give me the ability to wipe the phone. It is like this as not to be mean, but since your device has company information on it and if you lose it or someone steals it, the company doesn't want to be held liable for something that could get into the wrong hands, like someones SS# or other personal info. So that is why security is in pace on our mail server, which requires the user to have to enter in a PIN code an so forth. And along with the security rules comes remote wipe.
Now I do make my employees sign a waver acknowledging this. And then there device is added to the list of approved devices on the server and then they can proceed with email on their phone or tablet.
Your IT dept should have notified you of what is at stake here. I do with every employee that requests email on their mobile device.
I have only had to remote wipe once due to a user quitting and going to a competitor and they tried to keep the phone and the phone number (like we wouldn't know), so I sent out the remote wipe command and was alerted that it was complete and then I had the number shut off. (this was a company phone).
But like I said, I alert all employees of this policy and make them sign a waver, so they have nothing to gripe about if it ever did happen. And our employees simply cannot just enter in our work information on their mobile device to gain access to our email, the device has to be approved and their Device ID has to be entered into the system.
And most likely your employer cannot see anything on the phone, just that the phone is receiving company email.
The Exchange ActiveSync protocol allows a remote wipe.Out of curiosity and maybe because I'm tired and nothing thinking right. But how do you actually remote wipe an employees personal device? By bringing their personal device, do you also install software on the device to allow this functionality?
Out of curiosity and maybe because I'm tired and nothing thinking right. But how do you actually remote wipe an employees personal device? By bringing their personal device, do you also install software on the device to allow this functionality?
I understand with iCloud you can send a remote wipe, but you wouldn't be setting up an employee's personal phone for this.
Unfortunately at least sometimes, if not often, without your knowledge of that--neither the phone (which can and should easily do it) nor your employer (who is also supposed to do it) might tell you about it, and that's kind of the crazy part of it all.No, the employer can wipe the phone so it's just like it came from the box.
----------
When you connect it to your employer's Exchange server, you automatically grant remote wipe privileges to the server. No other software needs to be installed.
Unfortunately at least sometimes, if not often, without your knowledge of that--neither the phone (which can and should easily do it) nor your employer (who is also supposed to do it) might tell you about it, and that's kind of the crazy part of it all.
Not only that, but aside from being able to remotely wipe your phone, which they might never really do, they can and often do enforce other things through this: like certain passcode requirements, possible app restrictions, etc.
And the phone itself should really be able to surface some sort of notice about this kind of thing as well when it comes to adding accounts of this nature.I totally agree, any company that lets users connect their personal devices to company resources should make them sign a release outlying exactly what they can do to your device.
And the phone itself should really be able to surface some sort of notice about this kind of thing as well when it comes to adding accounts of this nature.