I’m non-techy. I work for a public school district and visit with kids in about a dozen schools. I like having my work email on my phone so teachers can get in touch if they need me. For years we’ve just used the outlook app with no real issues that I’ve noticed. We’re seeing more and more micromanagement and it sucks. We recently got notice that we have to install Cisco Duo on our phones if we want to have our email on it. Should i do that? Or just say no and be ok with being out of contact?

    • cm0002@lemmy.world
      link
      fedilink
      arrow-up
      14
      ·
      edit-2
      2 months ago

      I work in IT and have implemented quite a few MDM systems. For Android, a work profile will be entirely isolated personal data wise. IT can’t see anything beyond the work walls, however, there are a few shared things.

      If work enforces a tougher screen lock setting, it’ll take precedence over your regular lock screen setting. You might also have a few other things change while it’s active, like display time out (if work has a shorter setting).

      We can also see certain shared info like device serial number, IMEI number, OS version, security update version etc. Depending on the configuration, GPS/location info can be obtained as well (via an force-installed policy app for example)

      You can pause the profile at anytime which suspends ALL work profile app activity (So if there was an app they install that they could get GPS info from, that app would no longer be functional until unpaused again (no it can’t “run in the background” and collect info on the background either, it’s wholly suspended)) and the pause feature can be set on a schedule so if you have a 9-5 you can set it to that and avoid the whole “always available” problem.

      • MattMatt@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        2 months ago

        I wish work profiles were more separate. My company’s work profile ended up locking me out of my phone (including the personal profile) and forced me to wipe and start over with it. They disabled fingerprint unlock and required my unlock password to change monthly, and I got the periodic “you have to change your password NOW” notice while plugged into my car with Android Auto. I couldn’t enter a new password and the phone never unlocked again.

        I know, probably a super rare set of circumstances, but I’m not going to allow my work to root my phone again. They can buy me a phone if they need so much control.

        • Maestro@fedia.io
          link
          fedilink
          arrow-up
          5
          ·
          2 months ago

          Periodically rotating passwords is against NIST policy. Ask IT why the insist on using it when everyone, even the government, says it’s insecure

        • BCsven
          link
          fedilink
          arrow-up
          1
          ·
          2 months ago

          Even hard shutdown and rebbot brought you into work profile?

    • Sailing7@lemmy.ml
      link
      fedilink
      arrow-up
      6
      ·
      2 months ago

      Well then, lemme give you something more specific to look into:

      Most Android Phones kinda hide the option to turn the Work-Profile on. But it is implemented at the core of android and should really be available on any android device thats from the last 5 years.

      Once you turn it on once you will be always able to see it. And you will also get one of those buttons available in your notification center. Just like those, that turn on and off your Wifi - this one will turn on your work profile. Or off - if Off, alllll the apps installed in the work profile will be disabled completely until you enable the work profile again.

      Very handy for splitting private and work stuff - since you can just turn off work profile when you walk out of the office and wont be bothered anymore.

      Lets get to the turnings thing on part:

      You simply need one app to activate the work profile.

      “Shelter” –> this app is not on the google playstore.

      This app is in the F-Droid Store. Since this is also a new thing lemme explain this real quick. F-Droid is an store just like Google Play Store. You can download and install apps from there. It comes as an app for your device, or you can just simply browse it in the webbrowser and download the apps you want from it from there. The F-Droid Store is well known in the Opem Source Community and is the Go-To Place if you want privacy respecting apps. - I am saying this to make sure you can trust this new and to you unknown store.

      Soooo. Back to the topic. Download either the complete F-Droid Store and in this app then search for the “Shelter” app - or simply download the shelter app once from the Website of F-Droid directly. Keep in mind if you go with the downloading F-Droid route: on its first launch, F-Droid will take ~30 secs to update its repositories and you wont find any apps in the search menu. So let it stay put for a few secs before starting your search.

      To make it as less of a hassle as possible ill go forward and describe the route where we will install the app directly from the website.

      1. Go here: https://f-droid.org/packages/net.typeblog.shelter/
      2. Click download F-Droid (for the full F-Droid Route)
      3. Or simply download “Shelter” directly by looking furhter down at the latest App Versions. Scroll down one of the paragraphs until you see the Linked Text “Download APK” (or similar - i have the UI on german, so idk what exactly the text will be. Just look for “APK”)
      4. Once its downlaoding and you have made sure your browser actually downloads it (chrome warns you about downloading APKs)
      5. Click the install/open button on the just downloaded APK.
      6. It will say that the setting for enabling app installation from untrusted sources is turned off right now - and the reason why it cannot be installed.
      7. Go to your system settings and search for “sources” – it should get you right to this exact setting. Turn it on/enable it.
      8. Go back to your browser and click install again. Then you will be prompted/asked if you want to enable, that your Browser is capable of installing APPS. Accept that – later you can disable both of those settings again. On this path we only need them for the initial installation.
      9. The app should be installed now.
      10. Search for the “Shelter” app in your app menu and open it.
      11. It will prompt you lots of stuff and explain many things. Read through them. It wont take long but will make you understand how it works better.
      12. Once set up - look for the play store app in the work profile. If you cant find it - use the Shelter app to clone apps from your personal profile to the work profile - such ass the playstore, or simply install the Cisco app once in normal profile and clone it over to work. Then delete it again from the normal profile. Though i would prefer getting the playstore and getting cisco directly from there - since this way you will auto-recieve updates and such.
      13. Learn to use work apps and how to disable them (look for the previously mentioned toggle in your notification center - you might have to edit this zone to find the button hidden under those not displayed by default)
      14. At this point you can install your apps for your work profile and disable your browser from being allowed to install apps and disabling the “apps from third party sources” option all together. (Though this one only, if you didnt choose the Full F-Droid installlation path. If you chose the full install path, this option will be neccesary for F-Droid to install updates in the future)

      I hope this helps ya!

      • Today@lemmy.worldOP
        link
        fedilink
        arrow-up
        1
        ·
        2 months ago

        Thank you! Thank you!! I’m on a pixel 7. I looked last night and saw that i can set my phone to have multiple users or guest. I think i used f-droid for Lemmy apps last year. I’ll work on shelter today. I think we have until the end of the month before they start requiring Cisco duo. One other thing- as a public school district we’re subject to open records requests. As i understand it, we can be required to share any device we’ve used for work. I wonder if having two profiles would limit what i would have to share to only the work profile

        • Sailing7@lemmy.ml
          link
          fedilink
          arrow-up
          2
          ·
          2 months ago

          You are welcome!

          Yepp multiple users is a whole different but also great area.

          Using the work apps feature thingy you wont have to switch profiles and push messages are more readily available (not as much delayed as if you chose to use a guest profile).

        • WhoIsRich@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          2 months ago

          FYI there is also “Island” (white triangles on blue yellow background) on the Google Play Store which does similar if you don’t want to bother with FDroid.

          I use it for isolating work apps, only oddity is having to install a second instance of my favourite keyboard and browser app, and if I want to attach a photo to say Teams, the file picker will show nothing until you switch it to browse personal files.

        • BCsven
          link
          fedilink
          arrow-up
          2
          ·
          2 months ago

          On pixel it should just be in multi User setting, but you will have to search for it in the settings search