MDM or Mobile Device Management is a solution that uses software as a component to provision mobile devices while protecting an organization’s assets, such as data.

Microsoft Intune is a cloud-based service that focuses on Mobile Device Management (MDM) and Mobile Application Management (MAM). As a user, you can control how your organization’s devices are used, including mobile phones and tablets. Users can also configure specific policies to control applications. MAM policies protect data within work-based applications without managing the entire device.

Intune is being implemented to protect the integrity of the confidential client and county business data that resides within Franklin County’s technology infrastructure. This includes internal and external cloud services. As mobile devices are becoming more prevalent in day-to-day activities, it is important to ensure that any applications or data being accessed on the county side is secured. Leveraging the Intune platform will allow the county to be secure while staying productive.

Personal devices are only impacted on an Application-basis through Application Protection Policies. The personal device is not managed through Intune. For company-owned devices that are enrolled in the Mobile Device Management (MDM) solution:

Your organization can't see:

• Calling and web browsing history

• Email and text messages

• Contacts

• Calendar

• Passwords

• Pictures, including what's in the photos app or camera roll

• Files

Your organization can always see:

• Phone number

• Device storage space

• Location

• App inventory

• App permissions

• Network information

• Device owner

• Device name

• Device serial number

• Device model, such as Google Pixel

• Device manufacturer, such as Microsoft

• Operating system and version, such as iOS 12.0.1

• Device IMEI

• App inventory and app names, such as Microsoft Word

  • On personal devices, your organization can only see your managed app inventory, which includes work and school apps.

  • On corporate-owned devices, your organization can see all apps installed on the device.

  • On corporate-owned devices with a work profile, which is limited to Android devices, your organization can only see the apps installed in your work profile.

https://learn.microsoft.com/en-us/mem/intune/user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune

For Franklin County work purposes, specific county-based applications and email are only managed remotely through the Intune platform. Personal devices are only impacted on an Application-basis through Application Protection Policies. The personal device is not managed through Intune.

Enrolling in Intune will grant access to wipe the device. The policies we have in place are implemented so this would only happen for a lost or stolen device. The user would report the lost or stolen device and confirm permission for the Data Center to initiate the wipe command.