My employer requires us to install MDM software on our personal devices and we aren’t given an option for BYOD. The software is mainly used to access mobile email via Outlook, but the VPN app they require lists Outlook, web (multiple domains), and Safari (multiple domains) all as included apps.
Unsure about what additional info to provide, but really just wondering if the MDM and VPN could give access to my network traffic on my personal device.
Which phone and what MDM do you have? If it’s a work profile on a personal device then yes it is BYOD essentially. However that only monitors a segregated profile on the phone so has zero access to anything other than work data and very basic hardware info. It doesn’t give any control over the device.
If it’s a full-on enrollment then it should be a flat-out refusal from yourself. If you’re required to download and enroll personal devices into a fully managed MDM then that’s a red flag. Your employer should be giving out devices to fulfil mobile work functions if BYOD is not supported. Much more data can be seen, and other actions such as remote configuration, device locking and password resetting are possible (MDM solution and device dependent).
> My employer requires us to install MDM software on our personal devices and we aren’t given an option for BYOD.
Depending on your locale that actually may not be legal. If the company requires work then they need to provide the tools needed to do so. If using a personal device is optional that is one thing, but if the company is requiring use of personal devices to perform work then that’s quite another matter.
> wondering if the MDM and VPN could give access to my network traffic on my personal device
Yes, most definitely. An MDM can also wipe your personal device without your consent.
When you say “We aren’t given an option for BYOD” - do you mean your employer is forcing everyone to use their personal machines for work, and not offering access to VMs or a company-purchased machine? That’s very disappointing if that’s the case. If instead you mean anyone choosing to do BYOD is required to install the software, then I would simply recommend getting the company-provided device.
Generally, yes, depending on the kind of MDM software used, it can collect info about the entire machine (software that’s installed, files, etc.). Depending on how the VPN is configured and whether it requires all traffic to go through it, it’s possible they can see non-work-related traffic as well. Such is the nature of both products because they’re meant to allow organizations to have control over their equipment/data/assets/etc.
Like droney said, if it containerizes the work side of the phone under a work profile then that’s acceptable. That’s how my company currently does it.
If they are trying to manage the entirety of your personal phone then they are opening themselves up for a lot of problems, and opening a door to snoop on what you do on your personal time. Also allows a stupid admin to do a whoopsie and wipe the entirety of your phone. Meaning, they are taking ownership of a device you paid for.
It should be easy to tell. You should have separate work icons on iOS, or on a Samsung you should have a work button when you pull up your app drawer.