Device Privacy
Managing personal devices (BYOD) comes with its own set of challenges. Admins have to ensure that the privacy of users is not affected while, at the same time, corporate data stays secured. Endpoint Central helps admins configure device settings with regard to the confidentiality of employees, well-defined maintenance of work and personal data, protected access to remote control and various other compliance policies.
It is also recommended to configure Server Privacy Settings to ensure data privacy on the server, Server Security Settings to ensure data security on the server, and Terms of Use, which sets the mandate for the data collected and the purposes for collecting it.
Policy Description
You can configure the settings and the data collected from personal devices in line with your compliance policy. You can also configure whether or not remote commands can be executed. These settings can be applied to both corporate and personal devices.
Configuring Privacy Settings
- On the Endpoint Central server, click the Admin tab in the top menu and select Privacy Settings.
- Configure the policy based on the table given below:
Note: You can configure whether each of the following settings is enabled or disabled on the devices, in line with your organization's policies. The data collected is used for the Inventory tab, reporting and auditing purposes.
PARAMETER | DESCRIPTION
Device Data | The serial number and IMEI number are collected by default, as Endpoint Central uses them to identify the device. You can completely restrict collection of the Device Data listed below by selecting Do not collect.
Note: From Android 12, Endpoint Central uses only UDID to track device information.
- IMSI number: This is applicable only to Android devices. You can choose whether or not to collect and display the IMSI number.
- Phone Number: You can choose whether or not to collect and display the phone number of the device.
- User-installed apps: The apps installed by users can be collected and displayed. You can choose whether or not to collect them.
- User-installed certificates: This is applicable only for Apple devices. The certificates installed by the users can be collected and displayed.
- Device Name: You can choose whether or not to collect and display the name of the device.
- Geo-location: The location of the devices can be collected and displayed. You can choose to collect or restrict it. To know more about location-based features on MDM, click here.
- Device State Reports: This is applicable only for Chrome and Shared iPad and Mac devices. Displays the device's state, that is, whether or not it is in contact with the Endpoint Central server. This also includes the time at which the device was active. You can choose whether or not to collect this.
- User login status: This is applicable only for Chrome and Shared iPad and Mac devices. Collects and displays the details of the users who have logged into the device. You can choose to collect or restrict them.
- MAC Address: Choose to allow or restrict collection of the MAC address of devices.
Remote Command Execution | Admins can remotely perform the following commands on users' devices. Configure the settings in accordance with the privacy policies of your organization.
- Complete wipe: Complete wipe removes all the data present on the device. You can enable or disable this action. For Apple devices only, once the setting is disabled and the device is enrolled, you cannot modify the action unless the device is re-enrolled.
- Bug reports: This is applicable for Android devices. Bug reports can be collected for audit purposes or to analyze any anomalies in the apps distributed. Admins can either disable this or collect the reports with the user's consent. Check this to know about Android bug reports.
- Remote view/control: Admins can remotely view and control the device. This action can be completely disabled by the admin, or the admin can remotely view/control the device with the user's consent.
- Reset device passcode: Admins can remotely reset or clear the device passcode. In case of Android, you can also use a recovery key to reset the device passcode. Click here to know about how to generate a recovery key.
Policy Display | Configure whether or not the user can view this privacy policy defined by the organization. Users can also view the list of data collected and the purpose of collecting it on the ME MDM app under Privacy. It is recommended to provide details regarding the data collected and its purpose in the Terms of Use distributed to the users.
Applicable Devices | Specify whether the policy is to be applied to corporate and/or personal devices.
- In case of Lost Mode, the device location is tracked and security commands such as data wipe etc. are executed irrespective of the settings configured, as the user explicitly grants consent for executing Lost Mode.
- It is also recommended to distribute the updated version of the Terms of Use policy every time these settings are modified.