You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: memdocs/intune/user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune.md
+63-21Lines changed: 63 additions & 21 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,12 +2,12 @@
2
2
# required metadata
3
3
4
4
title: What info can your company see when you enroll your device?
5
-
description: Explains what IT can and can't see on your managed device.
5
+
description: Describes the information on your enrolled device that's visible to your organization.
6
6
keywords:
7
7
author: lenewsad
8
8
ms.author: lanewsad
9
9
manager: dougeby
10
-
ms.date: 09/28/2021
10
+
ms.date: 05/31/2022
11
11
ms.topic: end-user-help
12
12
ms.prod:
13
13
ms.service: microsoft-intune
@@ -32,10 +32,16 @@ ms.collection:
32
32
33
33
# What information can my organization see when I enroll my device?
34
34
35
-
Your organization cannot see your personal information when you enroll a device with Microsoft Intune. When you enroll a device, you give your organization permission to view certain pieces of information on your device, such as device model and serial number. Your organization uses this information to help protect the corporate data on the device.
35
+
Your organization can't see your personal information when you enroll a device in Microsoft Intune. Enrolling your device makes certain information, such as device model and serial number, visible to IT administrators and support people with administrator access. This article describes everything your organization can and can't access on an enrolled device, and explains why certain data is made visible.
36
36
37
+
We use the following terms in this article:
37
38
38
-
**What your organization does not see:**
39
+
* Support person: This is the person or department at your organization that you're supposed to contact if you're having problems with your device. They provide technical support for device setup, enrollment, and access.
40
+
* IT administrator: *IT admin* for short, this person or team of people configure the Microsoft Intune device management and enrollment settings for your organization. Some IT admins also provide technical support.
41
+
42
+
## Things your organization can never see
43
+
44
+
Your organization can't see:
39
45
40
46
- Calling and web browsing history
41
47
- Email and text messages
@@ -44,33 +50,69 @@ Your organization cannot see your personal information when you enroll a device
44
50
- Passwords
45
51
- Pictures, including what's in the photos app or camera roll
46
52
- Files
47
-
- Additionally, for corporate-owned Android devices with a work profile:
53
+
- Additionally, on corporate-owned Android devices with a work profile:
48
54
- Apps and data in your personal profile
49
55
- Phone number
50
56
51
-
**What your organization can always see:**
57
+
## Things your organization can always see
58
+
59
+
Your organization can always see:
52
60
53
-
- Device model, like Google Pixel
54
-
- Device manufacturer, like Microsoft
55
-
- Operating system and version, like iOS 12.0.1
56
-
- App inventory and app names, like Microsoft Word. On personal devices, your organization can only see your managed app inventory. For corporate devices, your organization can see all of your app inventory. For corporate-owned Android devices with a work profile, your organization can only see the app inventory in your work profile.
57
61
- Device owner
58
62
- Device name
59
63
- Device serial number
60
-
- IMEI
64
+
- Device model, such as *Google Pixel*
65
+
- Device manufacturer, such as *Microsoft*
66
+
- Operating system and version, such as *iOS 12.0.1*
67
+
- Device IMEI
68
+
- App inventory and app names, such as *Microsoft Word*
69
+
- On personal devices, your organization can only see your managed app inventory, which includes work and school apps.
70
+
- On corporate-owned devices, your organization can see all apps installed on the device.
71
+
- On corporate-owned devices with a work profile, which is limited to Android devices, your organization can only see the apps installed in your work profile.
61
72
62
73
> [!NOTE]
63
74
> Organizations cannot see all app inventory on Android Enterprise fully managed devices, corporate-owned work profile devices, and dedicated devices.
64
75
65
-
> [!NOTE]
66
-
> An app is considered **managed app** when installed in one of the following ways:
67
-
> 1. A user installs it from Company Portal app after it is published as **available** by an Intune admin.
68
-
> 2. The app is published as **required** by an Intune admin and is installed on the device.
76
+
### What is a managed app?
77
+
An app is considered a **managed app** when it's installed in one of the following ways:
78
+
* You install it from the Company Portal app after your organization makes it available to you.
79
+
* Your organization requires you to have a certain app for work and school and automatically installs it on the device upon enrollment.
80
+
81
+
## Things your organization might see
82
+
83
+
Your organization can see and access certain aspects of your device when assisting with or troubleshooting device setup. This section describes the type of information available.
84
+
85
+
### Phone number
86
+
If you're using a corporate-owned device (excluding corporate-owned devices with a work profile), your organization can see your full phone number. If you're using a personal device, they can see the last four digits of your phone number.
87
+
88
+
> [!TIP]
89
+
> You can view the ownership type for your device on the Intune Company Portal > **Device Details** page.
90
+
91
+
### Device storage space
92
+
If you have trouble installing a required app, your support person may look at your storage size to find out if low space is the cause.
93
+
94
+
### Location
95
+
96
+
* Corporate-owned device: Your organization can view the location of a lost device.
97
+
* Personal device: Your organization can't view the location of a personal device.
98
+
99
+
Your organization can put a missing, corporate-owned iPhone or iPad into *managed lost mode*, which lets them request the location of the device. When someone requests access to the device location, the device locks and a message appears on the lock screen to explain what's happening. For more information about *supervision*, which is a type of configuration for corporate-owned Apple devices, see [Get started with a supervised iPhone, iPad, or iPod touch](https://go.microsoft.com/fwlink/?linkid=853816) in the Apple support docs.
100
+
101
+
### App inventory details
102
+
103
+
Your organization can require you to install a mobile threat defense (MTD) app. If you're required to install an MTD app on your device:
104
+
105
+
* Corporate-owned device: Your organization can view details about all apps on the device.
106
+
* Personal-owned device: Your organization can only view the details of your managed apps.
107
+
108
+
For more information about mobile threat defense, see [Install mobile threat defense app](set-up-mobile-threat-defense.md).
109
+
110
+
### App permissions
111
+
*Applies to devices running Android 11 and earlier*
112
+
113
+
An IT admin can grant permission to apps in the work profile, both manually and by automation. The IT admin does this to reduce the number of prompts you receive. The permissions could be for things like the camera, microphone, and location. If your device is running Android 11, you'll receive a push notification when someone grants permission to an app.
114
+
115
+
### Network information
116
+
Some information about network connections for Android devices may be available to your organization. For example, if your organization requires devices to remain within a certain building, your device would identify the network where it's connected.
69
117
70
-
**What your organization might be able to see:**
71
118
72
-
- Phone number: If you're using a corporate-owned device (excluding corporate-owned work profile), your full phone number is visible to your organization. If you're using a personal device, the last four digits of your phone number are visible. You can see the ownership type for each individual device on the Intune Company Portal > **Device Details** page.
73
-
- Device storage space: If you can't install a required app, your organization might look at your device's storage space to figure out if space is too low.
74
-
- Location: For corporate-owned devices, your organization can see the location of a lost device. For personal devices, your organization does not see the device location. Visit the [Apple iOS documentation](https://go.microsoft.com/fwlink/?linkid=853816) to learn more about supervised devices.
75
-
- App inventory details: If your organization uses Mobile Threat Defense, they will be able to view details about the apps that are on your iOS device. Find out more about [Mobile Threat Defense](set-up-mobile-threat-defense.md). Otherwise, for personal-owned devices, your organization can only see your managed app inventory. For corporate-owned devices, your organization can see all of your app inventory.
76
-
- Network information: Some information about network connections for Android devices may be available to your organization support. For example, if your organization requires devices to remain within a certain building, your device would identify the network where it is connected.
0 commit comments