this post was submitted on 30 May 2024
201 points (93.9% liked)
Asklemmy
43916 readers
953 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You work in cybersecurity, yet you have company-controlled assets on your personal phone?
X DOUBT
Either you don’t give a single sh*t about your personal privacy, or…
And no, this isn’t “Microsoft bad”, this is “your company is inherently and fundamentally untrustworthy”. The app is, IMHO, one of the best ones out there, I would just never trust any company I worked for to keep their nose out of my personal life. A lot of the software that companies use to lock down mobile devices are hella invasive, and any company asset on a phone typically includes a demand to install the security software as well. Any of that shit should ALWAYS be on a company-provided phone, bro.
Here's the rub, I've been through enough of this to take a realistic, risk based approach to security. Knee-jerk reactions like the one you are giving are not really useful. Step back for a moment and think about what's going on here. First and foremost, this isn't MDM on a device, that's entirely different from installing the MS Authenticator app from the public Google Play store and adding a work account to it. So no, the company is not able to go rooting around in the user's device willy-nilly. Second, even with MDM, IT control of the user's device isn't what it used to be. Google implemented containerization of work profiles some time back. Without Work Profiles and containerization, I would agree that enrolling my personal device in MDM carries too much risk to my privacy and also having my device remote wiped. But, the advance of technology has altered that calculus. While there are still risks to consider with having a work profile on my device, it's also not as worrisome as it used to be.
Security isn't some binary thing. There is no hard and fast set of rules, given from some entity on high. It's a game of deciding what risks are acceptable and what risks need to be mitigated and how. If you work for a company which you believe is trying to use MDM to go rooting around in your personal device, I'd suggest finding an new job. This isn't to say you should trust the company 100%; but, you need to take a realistic look at what the ask is, what risks it carries and if the trade-off in convenience is worth it. The risks inherent in the MS Authenticator app are basically nil. At least on Android, you can audit it's permissions and disable the ones you don't want it to have. The app provides zero control over the device to the company. Really, there's just nothing there to get your panties in a bunch about.
But hey, if knee-jerk reactions are your thing, then you do you. This whole tempest in a teapot still amounts to "Microsoft bad".