
Our organization is using Office365.

Either by accident, or just defaults getting increasingly tight, Outlook won't connect to the account unless I allow it to be a device administrator.

On my personal phone, that's a hard no. So I'm using the PWA for the occasions I NEED to check email.

But a TOTP app of my choice, implementing a standard RFC protocol? I think that's okay, on the condition that it does not mean my phone is in scope for any regulations the company is mandated to adhere to.




In the past I believe this was so that if the phone was lost it could be remote wiped for security.

I agree that's a hard no for personal devices though.


It can be less intrusive, but it depends how the person in charge of mobility set things up and the MDM tool capabilities.

On Android you can define a device as corporate owned, which means the employer has full control over the device, or it can be user owned and, instead of taking control of the entire device, it makes a sandbox in which the corporate data resides, and the mobility admin can only touch what is inside that sandbox. If the phone is lost or the employee leaves the business, you can remotely wipe the sandbox while leaving the user data untouched.

IMO this is a better approach, but it depends on how the system is set up.


Personally, that's still an unacceptable approach. There is no way I'm going to allow any employer to have any degree of access to my phone. If my employer needs me to use a phone for work purposes, my employer needs to provide a work phone to me.


And that's entirely your right not to use your personal device for work, and I agree with your position, while some others might be more lenient and will accept having it on their personal device for the convenience of carrying and charging only one device.

It's nice having some flexibility for the different mindsets, but as long as the tools are provided by the employer when they're mandatory I don't see a problem.


We tried this but didn't make an exception for outlook or teams so it was useless.

I'm not going to turn that sandbox on when I'm not at work.


Famous problem is that it breaks twrp (work profile). You need to disable fingerprint unlock every time, which is very annoying.


That's almost true; there are some policies that an employer can force that are device-wide, like forcing PIN unlock or disabling developer settings.


My university tried to do this with all Android devices connecting to their Exchange, too, a few years back. Hard no from me. I'm not letting some random person in IT wipe my phone remotely because they mixed me up with someone, or because I'm getting fired/expelled.


Amazing how they will install spyware to wipe the device but not to back up the device



