MDM, BYOD, and employer/employee device issues

[Starting from a discussion of Lockdown Mode… -Adam]

Keep in mind that, per recent Apple tradition, any such feature is likely either disabled, or circumventable, when the device is controlled by your employer. And such control is sometimes extended to personal devices - yes; you have to opt in, though of course the pressure to do so can be significant.

Other way around. Once you’re in Lockdown Mode, the device can no longer be enrolled in MDM or accept profiles.

Lockdown Mode also blocks installation of configuration profiles, which some attackers have exploited to intercept all data entering and leaving a device. While in Lockdown Mode, devices can’t be enrolled into mobile device management, either, which eliminates another known worry.

…can no longer be enrolled in NEW management - existing policies are not affected.
We’ll see what happens when we have it, and can analyze it - however Apple’s policies of late are quite clear: the employer has primacy over the employer’s equipment. And the employer can extend that to an employee’s personal equipment, if the employee consents - which, as we know, is a power dynamic that increasingly favors the employer.

I’ve seen otherwise. In many industries, mgmt strongly frowns upon company/proprietary data being stored/used on personally owned equipment. Get to the arenas of high tech, aerospace, and defense and those frowns turn to specific job restrictions and even laws.

In those employment situations where above does not apply, and the employer attempts to force the employee to comply, there’s the EEOC…or the highway.

Add in trade secrets, confidential agreements, financial, strategic and creative services. Non-compete clauses in employment contracts are common.

Sure; there’s the theory of the EEOC - and then there’s the reality of the enormously imbalanced power dynamic, where the employer holds almost all the cards, and acts that way. An exception here and there, where an [employee] prevails, merely proves the far more frequent rule.

And the central point remains: The employer controls the equipment in use by the employer - sometimes extending to the employee’s personal equipment. This is not theory; it’s a reality that many of us live - myself included.

Apple has chosen to enable this. We can argue whether that’s good or bad - however it is the reality we operate in.

This new feature will likely operate under that same system - so my point in raising the issue, is simply to reflect the reality, so that we set our expectations appropriately.

BYOD policies are a joke and a scam. They are couched as being “for your productivity” but in reality they are a free ride for the device by the company. The company I used to work for would pay for the cell service for a BYOD device which sounds nice. However you then realize the extra stuff you are forced to load to protect the company data you’re accessing. And that any iOS upgrades have to be “approved” so that they don’t break the corporate crapware they require. And then the bell rings that the entire plan is to reduce capital costs on the balance sheet, not anything that really benefits you.

The ability to wipe the device by the company without notice comes with the territory of allowing you to have and access company information on your device.


Employers only require this if you are going to be accessing company data and services on your personal equipment. You don’t have to do this.

You can choose to not use your personal phone/computer for work purposes. If the company requires you to have mobile access, then you can usually have them supply you with a phone for that purpose.

This is the case where I work. I have a company-issued laptop and a company-issued phone. The two are locked down pretty solid.

I did have the option to use my personal phone for remote access, but they were very clear upfront about the software (access control and monitoring) that would be required. I chose to have the company supply that phone specifically because I don’t want them to have access to my personal equipment.

Similarly, when I access the company’s Microsoft cloud services (Office, SharePoint, Outlook, etc.), there are restrictions that prevent me from downloading any files, except to a computer running the company’s security software. Which means I only do this on the company-issued laptop.

Nobody had any problem with my making these choices.


Again; sure - we can all add our anecdotes. The fact remains: This new capability - like everything else - is no panacea. And given that Apple has provided these tools for businesses, and businesses use them (sometimes in a heavy-handed manner), it behooves employees to be aware and take care.

Panacea for what? I don’t understand your point, @mvgfr1, but I’d like to. It’s not a surprise that businesses impose rules and requirements for accessing their infrastructure. If you don’t want these applied to your personal device, use a company-provided device. Not having to carry two devices is a perk, in my opinion.


Here at my university we were not asked to consent. If you get the Apple through the U, or want to run Word etc. via Microsoft 365, you are subject(ed) to a whole bunch of software they install. That effectively made fast user switching, dynamic device name, and other things inoperable and I had to genuflect and ask, “please sir, may I have control of my machine,” to get those things made available (necessary for Sonos, and safe software testing). I remember that back in the 80’s (?) there was a judicial ruling that unless the corporation owned the computer per se, it was the equivalent of a drawer in your office desk. The contents were yours. It couldn’t be rifled through without permission or a warrant. But perhaps that has lapsed. Sorry to see Apple so complicit.

Apologies for the lack of clarity; I meant panacea in the sense of keeping a personal device / info safe from employer control / wipe.

Not sure about the word “complicit” - though I empathize with its use here.

FWIW: It’s unlikely that Apple would be as successful now, without something like this - and whether that was worth it – for various priorities.

And then of course we can discuss the “market” and societal conditions which contribute.