Device Privacy
Device Privacy settings in MDM allow administrators to configure managed devices to ensure user privacy while securing corporate data. These settings help maintain the balance between user confidentiality and organizational security. MDM provides administrators the ability to establish device configurations that prioritize employee privacy, separate work and personal data, ensure secure remote access, and comply with organizational policies.
Data Collected by MDM
By default, MDM collects essential information such as the Serial Number and IMEI Number to identify the device. To collect Personally Identifiable Information (PII), administrators need to configure device privacy settings for personal devices, corporate devices, or both.
What data is NEVER collected or managed?
- Pictures / videos from your gallery
- Browsing history
- Call logs and call recordings
- Text messages
- Saved passwords
- Data or documents maintained in personal apps
Configuring Device Privacy Settings
Follow the steps below to configure the device privacy settings in MDM:
- Navigate to the Admin tab. Click Device Privacy under Privacy Settings.
- Configure the settings based on your requirements for Device Privacy, Remote Commands, Privacy Policy, and Applicable Devices settings. Click Save to apply the settings.
For more details about each parameter and its functionality, refer to the Device Privacy Attribute Table.
Device Privacy Attribute Table
PARAMETER | Android: Work Profile (Profile Owner) | Android: Fully Managed (Device Owner) | Android: Fully Managed with a Work Profile | iOS: Supervised - Automated device enrolment | iOS: Unsupervised - User Enrolment |
---|---|---|---|---|---|
Device Data | | | | | |
IMEI Number. Note: For Android 12 Profile Owner, MDM relies solely on the UDID to track device information. | | | | | |
Phone Number | | | | | |
User-Installed Apps | | | | | |
User Installed Certificates | | | | | |
Device Name | | | | | |
Geo-location | | | | | |
Device State Reports | This applies only to Chrome and Shared iPad and Mac devices. It displays the device's state, indicating whether it is in contact with the MDM server, along with the time when the device was last active. | | | | |
User Login Status | This is applicable only for Chrome and Shared iPad and Mac devices. It collects and displays the details of the users who have logged into the device. | | | | |
MAC Address | The MAC address of devices is collected to help uniquely identify network interfaces and manage connectivity within the MDM system. | | | | |
Remote Command Execution | | | | | |
Complete wipe. Note: On Apple devices, once this setting is disabled and the device is enrolled, the action cannot be modified unless the device is re-enrolled. | | | | | |
Bug reports. To learn more, visit the Android Bug Reports page. | | | | | |
Remote view | | | | | |
Remote control | | | | | |
Reset device passcode Note: | | | | | |
Policy Display | Configure whether the user can view the privacy policy defined by the organization. Users can also view the list of data collected and the purpose for it within the ME MDM app under the Privacy section. It is recommended to include details regarding the data collected and its purpose in the Terms of Use distributed to the users. | | | | |
Applicable Devices | Specify whether the policy should be applied to corporate devices, personal devices, or both. | | | | |
- Server Privacy Settings: It is recommended to configure Server Privacy Settings to protect data privacy on the server. Additionally, set up Server Security Settings to ensure the security of data stored on the server. Review the Terms of Use to outline the mandate for data collection and the purposes for collecting it.
- Lost Mode: When a device is in Lost Mode, the device’s location is tracked, and security actions such as a data wipe are executed, regardless of the configured privacy settings. This is because the user explicitly grants consent to execute these commands in Lost Mode.
- Terms of Use Distribution: It is advisable to distribute an updated version of the Terms of Use policy whenever these settings are modified to ensure users are informed of changes.