[ad_1]
Apple @ Work is brought to you by Spike, the world's first conversational messaging application that helps professionals and teams spend less time on e-mail and more to get things done.
One of the things I often hear about mobile device management solutions from my tech-focused friends is they hate when the IT departments of their company "suck" their devices into the management system chosen by the company. For those who like to tinker, configure and manage their own devices, having them "managed" may seem big Brother looked. Fortunately, Apple has clear APIs on how its devices interact with MDMs, allowing end users to make sure their IT does not have access to all on their devices. If you're wondering if your IT department can read your iMessages, you're in the right place.
About Apple @ Work: Bradley Chambers has been managing a corporate computer network since 2009. He has extensive experience in deploying and managing firewalls, switches, a mobile device management system, and a network. Wi-Fi for business, several hundred Macs and several iPads, Bradley will highlight the ways IT managers deploy Apple devices, build networks to support them, train users, tell stories from the foundations of IT management and allow Apple to improve its products for IT services.
One of the first things to understand if your company uses a MDM is whether an iOS device is supervised or not (the supervision is only for iOS). Apple offers a support page to help you find out if your device is supervised.
Supervision gives schools and businesses greater control over the iOS devices that they own. With supervision, your administrator can apply additional restrictions, such as disabling AirDrop or preventing access to the App Store. It also provides additional configurations and features, such as silent application update or Web usage filtering. By default, your iPhone, iPad, or iPod touch is not supervised. Supervision can only be enabled when you set up a new device. If your iPhone, iPad or iPod touch is not currently supervised, your administrator must completely erase your device in order to configure the supervision.
If your devices are supervised, a message at the very top of the Settings screen will appear: "This iPhone is monitored and managed by Company, Inc.". If you do not see this message, your device is do not supervised. If devices are monitored, you can go to Settings> General> Profiles and Device Management to see what a company has changed exactly from the iOS default. When a company oversees a device, it has more control than it normally would. Most of this additional control is not access to more data, but the ability to impose more restrictions on what you can do.
Can my IT department track my position?
This question often comes up for iPhone users in business. This question has three parts. If you are connected to a corporate Wi-Fi network, your IT department can determine if you are there. If your business has a follow-up service through a mobile carrier, they can determine where you are. With MDM, IT can only track your device when it is in lost mode. The managed lost mode is only available for supervised devices. Only registered users of the MDM portal will be able to locate the device. Managed lost mode is not permanent and must be disabled before the device can be used again.
Can my IT department read iMessages?
No, SMS messages and iMessages are not visible to your IT department. An MDM can transmit information about the number of messages or contracts, but it can not see who or what you sent messages with the help of the email application. SMS messages may be viewed by a mobile operator, but this does not apply to Apple or iMessage. However, an IT department may disable the use of the Messages application. This setting is typically used for devices with a specific purpose.
One thing to keep in mind is that if you are logged in to iMessage on a device belonging to your company, if it caught you, it could unlock it and display your messages. Apple is here to let IT manage the use of iMessage, but not to allow your messages to be viewed remotely.
Can my IT department display my photos in the Photos app?
As with iMessage, there is no MDM protocol for viewing, editing, or deleting photos in the Photos app (including iCloud Photos). IT departments can see the number of photos you have but not see them (or see the EXIF data associated with them). However, they can disable features like iCloud Photos. Disabling this option could prevent users from overloading a managed Apple ID with media other than educational or enterprise media. It is also wise for end users to know that applications that request access to your photo library can view all your photos and location data stored with them.
Can my IT department read my personal email accounts?
If you're using webmail, the IT department can probably say you've used a personal email account, but it can not read what you've sent. If you use a local email application, they can not view your emails either. However, IT services can specify whether you can add or remove mail accounts outside of what they specify.
Can my IT department remotely control my device?
On the iOS side, they can not. The Mac has remote control options, but the Mac sends a pop-up window when it's remotely controlled. The interest of a MDM is management vs control / surveillance. On the Mac side, IT can use more invasive tools, but Apple does not have a formal API for that. In a BYOD situation, I would not allow IT to install anything other than an MDM profile.
Can my IT department view the history of my browser?
By using the Apple MDM APIs, no, they can not. As I said earlier, MDM is about management. Your IT department can install more invasive tools on the macOS side, but they can not control the history of your Safari or Chrome via a tool like Jamf. They can limit which sites you can access, block a web browser, or force you to use a VPN on the corporate network (where they can monitor traffic), but they can not display a list on the portal MDM of your visited websites.
Wrap
I hope this answers some basic questions about managing your device. I know that using a personal iPhone to access corporate email can be a little annoying if MDM is required for access, but Apple is still concerned about the privacy of end users, even in professional situations. The last thing Apple wants is that a computer service reads your iMessages.
On the iOS side, the MDM is about as strict as possible. On the Mac side, IT departments can install more invasive tools. If it's a business-owned device, suppose someone is watching your screen. If it is a personal device to which an MDM profile has been added, the IT team is limited by the limits of Apple. One last thing to keep in mind is that a device belonging to the company and managed can be unlocked by IT departments. Therefore, if you are connected to personal services such as iMessage and iCloud Photos, be sure to disconnect before returning the device.
Thanks to Spike for sponsoring Apple @ Work. Spike's conversational email gives your team super powers. Turn your email into the only workspace application you'll need. Chat, email and great collaboration tools to save time, all in one place. Do more with Spike. Try it for free on all platforms now.
Check out 9to5Mac on YouTube for more information on Apple:
[ad_2]
Source link