SamHH2023
Copper Contributor
Jul 12, 2023
Solved

InTune Access to multiple accounts MS environment

Greetings,

I have installed Intune on my personal iPad along with my employer's device management profile and various applications.
I also have my own Office 365 suite of apps and my own small business Microsoft account (no device management profile).

I am now able to access Office 365 and associated apps like OneDrive, SharePoint etc. via both employer and personal MS accounts. Does my employer's device management now enable them to see/access my personal details on OneDrive/SharePoint when I’m logged into the MS environment with my personal account?

Also, I have multiple personal email accounts configured on MS Outlook but have yet to set up my employer email due to the same concern.

Can anyone kindly share the breadth or limits of an employer's access once Intune device management is configured?

Thanks in advance.

Sam

7 Replies

  • techgeekarghya
    Copper Contributor
    Hi SamHH2023,
    Even if you have a device enrolled in MAM (Application Management), the organization has no visibility of the personal data that you access with your non-corporate applications. The organization has control over the data that is generated by corporate applications. In the event of loss, theft, or termination of employment, the employer can stop data exfiltration and remotely remove company data from the device.
    Thanks,
    Arghya Roy
    • pollard1545
      Copper Contributor

      techgeekarghya 

      In a Mobile Application Management (MAM) scenario, where a device is enrolled in MAM, the organization typically has control over corporate applications and data, but not necessarily over personal applications and data. MAM allows organizations to manage and secure corporate data on mobile devices without having complete control over the device itself.

    • SamHH2023
      Copper Contributor
      Hi Arghya,

      Thanks for the reply. As shared above with ShadyKhorshed, my concern is specifically around “corporate applications” that I happen to also use for personal use.
      Let me know if you can help.
      Thanks
      Sam
      • ShadyKhorshed
        Iron Contributor

        Hello SamHH2023

        I totally understand your scenario. I get the same concern from every customer of mine, which is understandable.

        Unlike Android devices, in all Apple devices (iOS/iPadOS) there is an invisible container which separates the business data and the private data, which means that if your employer were to remove the business data from Outlook, your private email will be untouched.

        Another example: you probably have Outlook-synced business contacts in your native Apple Contacts app, so it seems that your business and private contacts are mixed up. But in fact they are in two different invisible containers.

        I can write you more examples, but you can rest assured that your private data is inaccessible to Microsoft Intune.

        If you found my answer helpful, please mark it as best answer.

        Best regards

        Shady Khorshed

  • Hello SamHH2023

    What you just described is called a “Managed device”, where you’ve enrolled your device via the Intune Company Portal.

    Hence, your employer can ONLY see/manage their business data. As for your personal data (emails, pictures, video, etc.), your employer has zero access to it and cannot see anything from your private data.

    Hint: during your Intune Company Portal enrollment, you surely came across a phase stating that Intune has no access to your private data.

    Best regards

    Shady Khorshed

    • SamHH2023
      Copper Contributor
      Hi Shady,

      Correct, it is indeed a Managed Device via the Intune Company Portal and yes, I do understand and did read the disclaimers about the employer not having access to photos etc., specifically for “non managed applications.”

      However, my question relates to “managed applications”. In my scenario, the managed applications happen to be used by both personal and work accounts. Specifically, products in the Office 365 environment where I can have multiple profiles.
      As an example, if I were to have employer and personal email/accounts in Outlook or OneDrive, both are within what Intune calls managed applications.

      Hence the concern.

      Any insight on this specific scenario would be greatly appreciated.
      Thanks in advance.
