• [deleted]


Hi,

I have the possibility of obtaining certain apps that I use at work (Office 365: Outlook, SharePoint, Teams, Word, Excel), with Intune, to have some security settings, on my personal telephone.
I downloaded the Intune portal application, and when I connect to it, it asks me to validate the configuration of my phone, basically what my company (and therefore Microsoft...) will and will not have access to.
No problem on most things, I don't care, but it also requires giving the phone's IMEI, which I don't really want.

But I'm not sure I understand, I thought apps didn't have access to the IMEI? Is it possible to keep this information hidden from Intune?

    [deleted]
    I haven't used this app, so I'm not personally familiar with it. It looks like a device admin app, which means, depending on the setup, your company could have admin access to your phone. That means having way more permissions than a standard app, even having the permission to remotely wipe your phone. It's not surprising that a device admin app would have access to hardware identifiers, though I don't know how that works on GrapheneOS.

    You can look over Android docs about device administration to get an idea of what they can do, specifically the sections on policies and other features following that table of policies.

    Check out what Intune can do from the management console: https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune

    If you don't want this app, your employer, or Microsoft to have special access to your phone's settings, don't give the app device admin privileges. I think it's unlikely you'd get access to the 365 apps without giving Intune admin access.

    Personally, I wouldn't do it. If an employer needs an employee to do work from their phone, the company can give them a work phone. Alternatively, they could create a managed email that gives access to these apps. Using Intune to take over users' personal phones seems like crazy overreach to me.

    btw, if you want to see if you already gave the app access to device admin, check settings here: Settings > Apps > Special app access > Device admin apps > Company Portal

      • [deleted]

      unwat

      Thanks

      I don't need my phone to work, it was just a comfort not to have to turn on my PC every time when I'm at home.
      And I can't have a phone for work (even if the budget allowed it, I don't want 2 phones on me)
      But indeed, I hadn't understood how far Intune went.
      I thought it just synced the policy across the affected apps, but after doing some testing on another device and reading the doc, it still requires more and more access on the phone and I'm not interested in giving away so many privileges.

      Settings > Apps > Special app access > Device admin apps > Company Portal

      Thank you for the path, I had never paid attention.