Argh stupid corporate security

Soldato
Joined
20 Oct 2002
Posts
17,854
Location
London
So I've been looking forward to the promises of our corporate overlords to upgrade us all to Office 365. With the intention of finally being able to get rid of carrying two phones around all the time. I have a Xiaomi Mi A2 Lite and it's dual-sim and utterly brilliant. My work phone is some old iPhone trash that I've been keeping because it's so small (I think it's a 5 or something). Great, I thought. Gimme O365, I'll stick my corporate sim in the Xiaomi, get the O365 apps and off I go.

Of course not. :( I've been round the houses with the upgrade last week (well, the mobile part) and of course, what they didn't say anywhere was that they are only supporting Samsung and Apple devices "due to security". Aaarrgh :(:(:(

Is there any real reason for this? On Android, what could Samsung possibly offer in terms of security over any other manufacturer? Can I trick them into thinking my phone is a Samsung? :mad: :( lol
 
Man of Honour
Joined
13 Oct 2006
Posts
90,805
Yeah I know all that is going on (even though Apple and Samsung are still made in china too lol).

The hardware design and software development isn't done in China or by domestic Chinese companies though which is the important bit.
 
Soldato
Joined
13 Apr 2013
Posts
12,370
Location
La France
The hardware design and software development isn't done in China or by domestic Chinese companies though which is the important bit.

Not entirely true in Apple’s case as they do have a bunch of Chinese R&D and QA engineers based in Beijing and Shanghai, not counting all the production engineering teams on site at the various factories.
 
Soldato
OP
Joined
20 Oct 2002
Posts
17,854
Location
London
I'm still trying to find an 'official' answer but a guy in infosec just told me the ability to use Samsung's is probably going away soon. They want to move away from allowing any Android phones full stop. Balls. How disgusting for a company our size to simply line the pockets of Apple.

Surely phones running stock Android (Android One, like my Xiaomi) can't be less secure than Apple phones? :confused:

I'm actually debating trying an iphone as a daily-driver/dual sim. But my life is in Google (Gmail, calendar, Keep, Home, Play Music). Can you turn an iPhone into something that would actually work well enough for all that? :confused:
 
Soldato
Joined
14 Apr 2014
Posts
6,570
Location
Sunny Sussex
Well this thread may be of interest to you. Basically a lot of big organisations simply have an unofficial policy of no Chinese phone manufacturers.

At Red Hat, we need to install a Google device policy, essentially locking our phone down. Can't transfer any data between work and non work apps. I.e. if you have something saved on your personal drive, you can't open it in work sheets and vice versa.

But, it works on any Android phone :)
 
Soldato
OP
Joined
20 Oct 2002
Posts
17,854
Location
London
At Red Hat, we need to install a Google device policy, essentially locking our phone down. Can't transfer any data between work and non work apps. I.e. if you have something saved on your personal drive, you can't open it in work sheets and vice versa.

But, it works on any Android phone :)
Yeah, we got pointed to MS Company Portal which essentially does the same thing. I got all the way through until it went "computer says no" and said the manufacturer was not approved. It's so infuriating :(
 
Soldato
Joined
14 Apr 2014
Posts
6,570
Location
Sunny Sussex
Yeah, we got pointed to MS Company Portal which essentially does the same thing. I got all the way through until it went "computer says no" and said the manufacturer was not approved. It's so infuriating :(

Yep, real pain. When it was first implemented, it removed the ability to see notifications!! Kind of defeated the point of a phone :p

Thankfully, they've altered that now
 
Soldato
Joined
4 Mar 2003
Posts
12,449
Location
Chatteris
We supply company approved devices - that is one of two Samsung models (older and it's replacement). They are all enrolled into Airwatch which seriously restricts what you can do with the phone.
You only have a catalogue of approved apps for example.
We do allow "BYOD" with regards receiving email, however we setup a container on the user's device, so that we can remotely remove that feature at any time.

Tablets we have a max of iPads and Samsung, but again all enrolled into Airwatch, with restrictions in place.
 
Caporegime
Joined
17 Jul 2010
Posts
25,657
I thought about setting up my work email on my phone in the past but when they said it would need an immediate screen lock at 0 seconds and it also gave them the ability to remotely lock or wipe or even brick the phone I noped right out of that. I don't need access to my emails on my phone but I hate coming into nearly a hundred emails after 2 days off and having to sift through them to find the five or six that are important.
 
Soldato
Joined
28 Feb 2006
Posts
4,798
Location
No longer riding an Italian
Sounds like your IT are big Apple fans (which is odd for anyone who works in Infrastructure :D), or (more likely) they have fallen foul of director/management level wanting Apple company kit - as it's bragging rights to their mates! IT will have to reluctantly follow the overlords on that one.

I've not used O365's admin center for a while, but recalled it had basic hardware checks in place back in 2015 - so you couldn't easily trick it; your later post confirms that they have clearly setup a mobile device policy to block manufacturers, so people were probably as naughty as you - but that does help you dodge a bullet! I would expect any circumvention on your part, would likely be gross misconduct, and would lead to your swift departure.

What with GDPR and whatnot as well, IT face more headaches with BYOD requests, and some places are flatly refusing to allow any Corporate content on no-corporate devices; even OWA gets disallowed! In places where the still allow the use of personal kit, you might be forced down having something like Meraki MDM installed - which puts a lot of tracking and control of your device, into the hands of your IT folks.

Not sure why they're veering away from Android though - the newer Blackberry phones are pure Android, with a secure BB section built in, and most places still consider those to be some of the most secure devices; maybe your IT are just worried with the ease of rooting Android devices or something?

But it sounds like you can transition over to iPhone, as all you Google needs are catered for on there iirc.
 
Soldato
OP
Joined
20 Oct 2002
Posts
17,854
Location
London
Tablets we have a max of iPads and Samsung, but again all enrolled into Airwatch, with restrictions in place.
Yeah we had Airwatch for a while but seems they've ditched it for this Company Portal? Looks a lot cleaner tbh. Is jamf another of these things too?

I thought about setting up my work email on my phone in the past but when they said it would need an immediate screen lock at 0 seconds and it also gave them the ability to remotely lock or wipe or even brick the phone I noped right out of that.
Honestly I couldn't care less about the ability for them to brick it. The beauty of being an Android user is everything (Photos, Contacts, Calendar, Keep etc.) is sync'd in the cloud. I'd be miffed but if it means I can carry one phone around (and use my unlimited company data in the 2nd sim slot :D) then so be it.

But it sounds like you can transition over to iPhone, as all you Google needs are catered for on there iirc.
Well, can I though? I might write down all the apps I have that aren't free. I'm assuming all the Google apps are good to go on an iPhone.

Sounds like your IT are big Apple fans
So, I work in a large international film distributor. Give it 2-3 years and Apple are going to be one of our big rivals. Piling all this money into them seems a bit silly...

My issue really comes up as I am expected to be contactable out of hours. Not "on call" or anything that regimented, but it's the media industry, things happen out of hours etc. It's part of the way the world works. Say last weekend I went to a music festival. Not taking a bag or anything, so I either take the risk of forwarding my work phone and hope nothing urgent comes up (because I can't see emails or actually do anything), or carrying it around as well which when you're at a music festival with no bag, is not ideal!
 
Associate
Joined
27 Oct 2008
Posts
1,898
Location
Gloucester
I've deployed Sophos MDM (Mobile Device Manager) and your only real choices are iPhones or Samsung due to the security they use. Other Android devices have much less configurable options than Samsung i.e an LG device has about 35% of the settings you can apply to a Samsung.
The Sophos engineer did say that iPhones were much more configurable than Android as no user interaction is required. Android devices are a proper chore to set up.
 
Associate
Joined
9 Jan 2019
Posts
885
We use airwatch as well, its not really much more of a baw ache than apple to manage.
We are moving as many away from apples overpriced toys as possible as the cost the uni was racking up for there shiney devices was shocking.
 
Soldato
Joined
28 Feb 2006
Posts
4,798
Location
No longer riding an Italian
Well, can I though? I might write down all the apps I have that aren't free. I'm assuming all the Google apps are good to go on an iPhone.

Of the apps you listed, then the answer is 'should be' - as they are all available on the AppStore from what I can see. Whether they work the same remains to be seen, as I personally don't use Apple stuff - an although the 'big tech giants' can be petty; I'm sure they'd get in hot water if they somehow gimped how their apps work on another platform. Anything else you might use though, is a big question mark really - if you have invested in the Google ecosystem, then you'd have to buy again for Apple.
 
Back
Top Bottom