**TL;DR:** If a disgruntled employee turns off their iPhone’s Wi-Fi to prevent an Intune/Account wipe, would they be able to screenshot e-mails/documents on their phone, transfer it to a computer, and harm the company?
I work at a business that utilizes Azure Active Directory in a hybrid environment and has MDM deployed through Intune. One of the topics that came up in a meeting today was an interesting scenario to which I had no answer. Here it is:
* Bob is a payroll administrator who works in Human Resources. Bob has a personal iPhone which has Intune, Outlook, and Authenticator installed on a work profile, but he also uses the default mail app.
* One day, the IT and Security departments are notified that Bob and HR are butting heads, and that Bob needs to have his account suspended/terminated immediately. His AD account is disabled and his device is wiped through Azure Active Directory, **however**
* Bob is fairly intelligent. He foresaw the deactivation of his account, and turned his phone’s Wi-Fi off so that it wouldn’t be wiped. His goal is to screenshot a payroll spreadsheet that’s in his phone’s e-mail (outlook, default mail app, 3rd party mail app, or otherwise), transfer it to his computer, and publish damaging information about the company/its employees.
Would Bob be able to do so? And if he *did* turn off the phone Wi-Fi and transfer data, is there any action (*besides legal/courtroom proceedings*) the business can take to prevent the data from being compromised?
If you have any follow-up questions, I’ll do my best to respond to them all throughout the day/week.