June 14, 2021

Question regarding Microsoft Intune, an iPhone, and a disgruntled employee

**TL;DR:** If a disgruntled employee turns off their iPhone’s Wi-Fi to prevent an Intune/Account wipe, would they be able to screenshot e-mails/documents on their phone, transfer it to a computer, and harm the company?

​

Hi everyone,

I work at a business that utilizes Azure Active Directory in a hybrid environment and has MDM deployed through Intune. One of the topics that came up in a meeting today was an interesting scenario to which I had no answer. Here it is:

* Bob is a payroll administrator who works in Human Resources. Bob has a personal iPhone which has Intune, Outlook, and Authenticator installed on a work profile, but he also uses the default mail app.
* One day, the IT and Security departments are notified that Bob and HR are butting heads, and that Bob needs to have his account suspended/terminated immediately. His AD account is disabled and his device is wiped through Azure Active Directory, **however**
* Bob is fairly intelligent. He foresaw the deactivation of his account, and turned his phone’s Wi-Fi off so that it wouldn’t be wiped. His goal is to screenshot a payroll spreadsheet that’s in his phone’s e-mail (outlook, default mail app, 3rd party mail app, or otherwise), transfer it to his computer, and publish damaging information about the company/its employees.

Would Bob be able to do so? And if he *did* turn off the phone Wi-Fi and transfer data, is there any action (*besides legal/courtroom proceedings*) the business can take to prevent the data from being compromised?

​

If you have any follow-up questions, I’ll do my best to respond to them all throughout the day/week.

Comments

CPAtech

I’ve asked Office 365 support a similar question – if an employee is abruptly terminated how can we ensure they can’t continue sending email using their mobile device if the token has not yet refreshed? Support had no answers for me.

Eisn

If Bob is fairly intelligent then he already has that data before It starts the termination process.

And before you start with any fancy stuff that will prevent data leaks Bob can always take photos or write the payroll data down.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.