Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

All files access vs. "Work-related files"

Copper Contributor

To complete onboarding of my Android Work Profile, I need to setup MS Defender for Endpoint on my personal Android device. Defender continually prompts me for "All files access" permission, which I understand truly grants full, unmitigated access to all files -- including Downloads, random user-created file directories, and even other apps' data directories.

 

However, the Defender docs indicate that "On devices with a Work Profile, Defender for Endpoint only scans work-related files."

 

This prompts a handful of privacy questions:

  •  Is there a more exhaustive definition of what constitutes a work-related file?
  • Is there some safeguard in place to avoid scanning other files that are not "work-related"?
  • Do other actions besides scanning take place? If so, do those actions include files besides those deemed "work-related"?
  • Is any information about my non-"work-related" data collected and/or transmitted by MSDefender? For example, names/paths/extensions of files or directories?
0 Replies