I will admit, I’ve never been a huge fan of Mobile Device Management (MDM). Given the way this whole kerfuffle between the FBI and Apple is playing out, anyone who cares about their personal digital privacy should think twice before subjecting their personally-purchased devices to MDM.
One of many things an MDM solution can do is control the PIN code on the device. Namely, it can control that one exists, force a specific length of PIN, and even reset a PIN. This fact entered the public discourse around the San Bernardino shooter’s iPhone that the FBI is trying to get Apple to assist them in unlocking.
If San Bernardino County (who owned the phone the shooter used) installed MDM on the target device, the whole public debate around this would not be happening. I don’t know of any company who would deny a request to reset or disable the PIN, particularly if it were backed by a court order. Unlike what the FBI is asking Apple to do now, it would not be burdensome to carry out, either.
This places an extra burden on employers who manage employee devices through MDM. Specifically, do you have a process to handle law enforcement requests like this? Are your employees aware of this policy and have they consented? Also, MDM doesn’t do a whole lot to protect corporate data or detect the presence of malicious software on mobile devices.
As an individual, this doesn’t make me feel all that safe about trusting my phone to MDM, at least not without understand precisely what features and functionality will be under MDM control.
Disclaimer: My employer Check Point Software Technologies might have differing views on this topic. These thoughts are my own.