pdf icon
Category Filter
x

Device Privacy

With mobile devices slowly permeating into organizations, managing them comes up with its own set of challenges especially with respect to the data collected. Data collected, even for management purposes can be used for identification causing privacy concerns and futher exemplified, in case of personal devices(BYOD). MDM however, lets you customize the existing privacy settings to suit the needs of the organization. You can choose to configure the settings for all the managed devices or only for corporate/personal devices, ensuring privacy is maintained.

It is also recommended to configure Server Privacy Settings to ensure data privacy on the server, Server Security Settings to ensure data security on the server and Terms of Use which sets the mandate for the data collected and purposes for collecting the same.

Policy Description

You can choose to configure the device data collected and displayed on the MDM server. Additionally, you can also configure whether to execute remote commands on device or not. Further, you can also choose to display the privacy policy derived from the privacy settings, to the users. These settings can be applied to personal and/or corporate devices

Configuring Privacy Settings

  • On the MDM server, click on Admin tab from the top menu and select Privacy Settings.
  • Configure the policy based on the table given below:
PARAMETER DESCRIPTION
Device Data Configure the device data which MDM is permitted to collect and display. By default, IMEI and Serial Number are collected and displayed. However, you can choose whether the following data can be collected or not:
  • Phone Number: Restrict collecting and displaying the Phone number of devices, for the Inventory tab, Reports, and auditing purposes.
  • IMEI number: Allow or restrict collecting and displaying the IMEI number of device(s), to be displayed in the Inventory tab and used for auditing purposes.(The IMEI number is collected by default from devices for management purposes, but can be restricted if required.)
  • User-installed apps:Allow or Restrict collecting and displaying the information about apps installed by the users, to generate reports about apps, or blocklist apps.
  • User installed certificates: (Applicable for iOS devices running on version 13 and above, macOS devices running on version 10.15 and above and tvOS devices running on versions 13 and above) Allow or Restrict collecting and displaying the information about certificates installed by the users, to generate reports about certificates, certificate validation, etc.
  • Device Name: Allow or Restrict collecting and displaying the Device name, for Reports and auditing purposes.
  • Geo-location: Allow or Restrict collecting and displaying the device's location, to be used for Location Tracking and Location Reports.
  • Device State Reporting: (Applicable for Chrome devices) To display the device's state, if it is in contact with the MDM server or not. This also includes the time at which the device was active.
  • Recent Users Reporting: (Applicable for Chrome devices) - For maintaining the list of users who have recently logged into the device.
  • Serial Number: Restrict collecting and displaying the IMEI of device, to be displayed in the Inventory tab and used for auditing purposes. (The Serial number of device(s) is collected by default from devices, but can be restricted if required.)
  • MAC Address:Allow or Restrict collecting and displaying the MAC Address of devices, to be displayed in the Inventory tab and used for auditing purposes.
Remote Command Execution Specify whether the remote commands can be executed on devices or not. In case of data wipe, you can choose to either enable/disable it but in case of Remote Control, you can also leave it to the user
Policy Display Configure whether the user can view this privacy policy or not. Users can also view the list of data collected and the purpose for the same. It is recommended to provide details regarding the data collected and the purpose for the same, on the Terms of Use distributed to the users.
Applicable Devices Specify whether the policy is to be applied to corporate and/or personal devices.
  • In case of Lost Mode, the device location is tracked and security commands such as data wipe etc., get executed irrespective of the settings configured, as the user explicitly grants consent for executing Lost Mode.
  • It is also recommended to distribute the updated version of the Terms of Use policy, every time these settings are modified.
Jump To