A complete guide to the personal data your company sees with Microsoft Intune

Microsoft Intune is a cloud MDM (mobile device management) tool existing within Microsoft’s Endpoint manager. The tool is typically used by workplaces to control or better manage devices connected to their network. While this can be seen as scary due to the personal data made accessible through your devices, it’s a necessary measure for security.

Your personal informationDoes my company see it
Browser historyNo
App dataNo
Personal profile data (corporate phones)No
Phone numberMaybe
Network informationMaybe
Device modelYes
Device storage spaceMaybe
Device manufacturerYes
Operating systemYes
Installed appsYes
Device ownerYes
Device nameYes
Device serial numberYes

Now you have a general idea of what your company can and cannot see, we’d like to go into a little more detail where necessary to further elaborate on some minor details — like how installed app visibility varies between corporate and personal phones, what exactly is your IMEI and if you should be alarmed by any of the data your company can access. All that, and more, so please enjoy.

Quick links:

Corporate vs personal phones: App visibility with Microsoft Intune

To what extent are apps visible on my corporate phone?

Being company property, all installed apps and their names are accessible. This is a measure taken to ensure malicious software is not installed on the device. In the event such software does make it onto the device, company data will be at risk and you could be held partially accountable depending on your intent installing the app and the impact it had on the business. This is the case with most MDM platforms like Microsoft Intune.

Are all apps visible on personal phones too?

No, with your personal phone being your own property, your company has few arguments for viewing the content within it. Provide you have done nothing wrong. Despite this, your company is still able to view the presence of a managed group of applications on your phone. Such as those obtained from and managed via your workplace.

What my IMEI tells my company about me

What is an IMEI?

An IMEI serves as a unique 15 digit identifier for your mobile device. This identifier is primarily used to tell mobile phones apart from one another. A secondary use is for tracking phones, in the event it (and perhaps its owner) has gone missing. This can also be the case with tracking and limiting the usage of stolen phones too.

Does it link to me?

No, your IMEI has no direct link to you. IMEI is bound to your phone and will never change. At best, you could regard your IMEI as giving up your location when you connect to various networks, but this more so tells networks which phone in the world is connecting as opposed to which owner of said phone is connecting.

Why does Microsoft Intune display it?

IMEIs aren’t particularly personal, despite being factored in with personal information frequently. Using IMEI’s Microsoft Intune can deduce whether the phone it’s looking at is a corporate owned device, or not (in which case it would be treated as a personal phone).

Corporate vs personal phones: Phone numbers in Microsoft Intune

Under what circumstance is my phone number available?

Your full phone number is always available if you are using a corporate owned phone (not a corporate work profile). When you use a personal phone, only the last 4 digits of your phone number will be made available.

Does my phone number reveal anything?

If it’s your personal phone, unfortunately yes, your phone number reveals a lot. Aside from giving up a means to contact you, your phone number can be used to narrow down and predict where you live, associates/friends and social media accounts.

How does my phone reveal so much?

Unfortunately, for us, our phone numbers reveal so much because of us. This is because of how often we give out our phone number, to secure emails, register with surgeries, contact friends, organisations and sign-up for services (both online and off) and social media accounts. Most of which we do whilst passing all the additional information. In other words, our phone numbers are often right next to our name and identifying information.

Why does Microsoft Intune need my phone number?

As discussed previously, your full phone number, which is required to reveal most of the information it’s linked to, is only logged for corporate owned phones. Intune will only reveal the last 4 digits of personal phone numbers. It’s assumed this information (for corporate phones) can be used to contact employees. As for personal phones, the last 4 digits of your phone number infrequently match your colleagues. As such it can be a good way to distinguish who’s phone is who’s — in case your device name does not make it immediately obvious.

Device storage and Microsoft Intune

Why Microsoft Intune reveals device storage?

In the event it’s available, your company may use Microsoft Intune to observe your storage space. This will typically be done if they attempted to install a managed application for work and failed. On corporate phones they can see which app exhausts the most storage and potentially remove said app. On a personal phone however, they may only handle their managed applications and would need to discuss making more space with you.

Network information in Microsoft Intune

Why Microsoft Intune reads network information

Network information is usually monitored to track where devices currently are. Policy can be established via Microsoft’s Intune and Endpoint platforms to limit or disallow certain actions from devices or applications depending on the network information they’re sending Intune.

What use does this have?

  • Company assets can be made inaccessible outside of the workplace
    • Apps usability can be toggled depending on location
    • For instance (on corporate phones) not being able to open social media when connected to the workplace network. Yet being able to access them after leaving.
  • Lost phones can be tracked via their connection locations to various networks
    • Additional actions can be made to protect your personal information based on this information too

Our related articles:

  • Is it possible to enroll macOS devices in Intune – Want to BYOD to work, but perplexed as to whether or not your mac is viable? In this blog we’ll briefly explain what Intune is and how you can go about enrolling your macOS devices.
  • How to group devices together in Intune – Organisation is key and that goes for anything- especially intune. In this you’ll learn about groups in Intune, and how you can use them to organise your company’s devices.
  • How to use intune to deploy software – Work with Intune often and have a passion for software? If you think it’s ready for deployment, this post goes over everything you’ll need to know to deploy your first program via Microsoft Intune.
  • What is Microsoft Intune and How does it work – Intune is a popular business embrace mobile device management platform offered within Microsoft’s Endpoint manager service. To find out more, have a read of this post and learn all there is to know about Microsoft Intune.

Jack Mitchell

Jack Mitchell has been the Operations manager at telecoms and MSP Optionbox for more than 4 years. He has played a crucial role in the company, from marketing to helpdesk, and ensures that the IT requirements of over 300 clients are continuously met. With his innate passion for technology and troubleshooting and a particular interest in Apple products, Jack now delivers the most comprehensive tech guides to make your life easier. You can connect with Jack on LinkedIn.

Recent Posts