Microsoft Intune is a cloud MDM (mobile device management) tool existing within Microsoft’s Endpoint manager. The tool is typically used by workplaces to control or better manage devices connected to their network. While this can be seen as scary due to the personal data made accessible through your devices, it’s a necessary measure for security.
| Your personal information | Does my company see it |
| Calls | No |
| Browser history | No |
| Contacts | No |
| Calendar | No |
| Password | No |
| Pictures | No |
| Files | No |
| App data | No |
| Personal profile data (corporate phones) | No |
| Phone number | Maybe |
| Location | Maybe |
| Network information | Maybe |
| Device model | Yes |
| Device storage space | Maybe |
| Device manufacturer | Yes |
| Operating system | Yes |
| Installed apps | Yes |
| Device owner | Yes |
| Device name | Yes |
| Device serial number | Yes |
| IMEI | Yes |
Now you have a general idea of what your company can and cannot see, we’d like to go into a little more detail where necessary to further elaborate on some minor details — like how installed app visibility varies between corporate and personal phones, what exactly is your IMEI and if you should be alarmed by any of the data your company can access. All that, and more, so please enjoy.
Quick links:
- Corporate vs personal phones: App visibility with Microsoft Intune
- What my IMEI tells my company about me
- Corporate vs personal phones: Phone numbers in Microsoft Intune
- Device Storage and Microsoft Intune
- Network information in Microsoft Intune
Corporate vs personal phones: App visibility with Microsoft Intune
To what extent are apps visible on my corporate phone?
Being company property, all installed apps and their names are accessible. This is a measure taken to ensure malicious software is not installed on the device. In the event such software does make it onto the device, company data will be at risk and you could be held partially accountable depending on your intent installing the app and the impact it had on the business. This is the case with most MDM platforms like Microsoft Intune.
Are all apps visible on personal phones too?
No, with your personal phone being your own property, your company has few arguments for viewing the content within it. Provide you have done nothing wrong. Despite this, your company is still able to view the presence of a managed group of applications on your phone. Such as those obtained from and managed via your workplace.
What my IMEI tells my company about me
What is an IMEI?
An IMEI serves as a unique 15 digit identifier for your mobile device. This identifier is primarily used to tell mobile phones apart from one another. A secondary use is for tracking phones, in the event it (and perhaps its owner) has gone missing. This can also be the case with tracking and limiting the usage of stolen phones too.
Does it link to me?
No, your IMEI has no direct link to you. IMEI is bound to your phone and will never change. At best, you could regard your IMEI as giving up your location when you connect to various networks, but this more so tells networks which phone in the world is connecting as opposed to which owner of said phone is connecting.
Why does Microsoft Intune display it?
IMEIs aren’t particularly personal, despite being factored in with personal information frequently. Using IMEI’s Microsoft Intune can deduce whether the phone it’s looking at is a corporate owned device, or not (in which case it would be treated as a personal phone).
Corporate vs personal phones: Phone numbers in Microsoft Intune
Under what circumstance is my phone number available?
Your full phone number is always available if you are using a corporate owned phone (not a corporate work profile). When you use a personal phone, only the last 4 digits of your phone number will be made available.
Does my phone number reveal anything?
If it’s your personal phone, unfortunately yes, your phone number reveals a lot. Aside from giving up a means to contact you, your phone number can be used to narrow down and predict where you live, associates/friends and social media accounts.
How does my phone reveal so much?
Unfortunately, for us, our phone numbers reveal so much because of us. This is because of how often we give out our phone number, to secure emails, register with surgeries, contact friends, organisations and sign-up for services (both online and off) and social media accounts. Most of which we do whilst passing all the additional information. In other words, our phone numbers are often right next to our name and identifying information.
Why does Microsoft Intune need my phone number?
As discussed previously, your full phone number, which is required to reveal most of the information it’s linked to, is only logged for corporate owned phones. Intune will only reveal the last 4 digits of personal phone numbers. It’s assumed this information (for corporate phones) can be used to contact employees. As for personal phones, the last 4 digits of your phone number infrequently match your colleagues. As such it can be a good way to distinguish who’s phone is who’s — in case your device name does not make it immediately obvious.
Device storage and Microsoft Intune
Why Microsoft Intune reveals device storage?
In the event it’s available, your company may use Microsoft Intune to observe your storage space. This will typically be done if they attempted to install a managed application for work and failed. On corporate phones they can see which app exhausts the most storage and potentially remove said app. On a personal phone however, they may only handle their managed applications and would need to discuss making more space with you.
Network information in Microsoft Intune
Why Microsoft Intune reads network information
Network information is usually monitored to track where devices currently are. Policy can be established via Microsoft’s Intune and Endpoint platforms to limit or disallow certain actions from devices or applications depending on the network information they’re sending Intune.
What use does this have?
- Company assets can be made inaccessible outside of the workplace
- Apps usability can be toggled depending on location
- For instance (on corporate phones) not being able to open social media when connected to the workplace network. Yet being able to access them after leaving.
- Lost phones can be tracked via their connection locations to various networks
- Additional actions can be made to protect your personal information based on this information too
Our related articles:
- Is it possible to enroll macOS devices in Intune – Want to BYOD to work, but perplexed as to whether or not your mac is viable? In this blog we’ll briefly explain what Intune is and how you can go about enrolling your macOS devices.
- How to group devices together in Intune – Organisation is key and that goes for anything- especially intune. In this you’ll learn about groups in Intune, and how you can use them to organise your company’s devices.
- How to use intune to deploy software – Work with Intune often and have a passion for software? If you think it’s ready for deployment, this post goes over everything you’ll need to know to deploy your first program via Microsoft Intune.
- What is Microsoft Intune and How does it work – Intune is a popular business embrace mobile device management platform offered within Microsoft’s Endpoint manager service. To find out more, have a read of this post and learn all there is to know about Microsoft Intune.