In today's world, where data security is paramount, Microsoft Intune positions itself as a key enterprise mobility management (EMM) solution. However, it is crucial to understand how Intune collects, processes and shares personal data when devices are enrolled. In this article, we look in detail at the collection sources, the types of data collected and the implications for privacy.
Data Collection Sources
1. Use by Administrators
Administrators access Intune through the Microsoft Intune admin center, thereby providing data that is crucial for managing the service.
2. End-User Devices
When devices are enrolled and used, Intune collects data from them, enabling effective management.
Required data is essential to the operation of the service and includes personal and non-personal information.
a. Customer Data
Personal data that is directly identified or pseudonymized.
Support data and account data.
Payment information for customer billing.
b. Admin Data
Information about administrators, including the Active Directory ID.
Admin-created data, such as compliance policies and PowerShell scripts.
c. Device Data
Information about the device, including its name, type, model and operating system.
2. Optional Data
Optional data, although not essential, enables richer experiences.
a. Pseudonymized Data
Collected for diagnostic and telemetry purposes.
Users have control over its collection.
Privacy and Security
Intune undertakes not to sell the collected data to third parties. In addition, certain sensitive data is neither collected nor accessible, which preserves users' privacy.
Data Not Collected
Browsing and call history.
Personal emails, SMS messages, contacts and passwords.
Content of personal photos and calendars.
Conclusion
Understanding how Microsoft Intune collects and uses data is essential to guaranteeing user privacy. With a commitment to transparency and respect for privacy, Intune positions itself as a reliable choice for secure device management. To learn more about how personal data is stored, processed and shared, consult the official Microsoft Intune documentation.
As an administrator, you can create exceptions to the Intune App Protection Policy (APP) data transfer policy. An exception allows you to specifically choose which unmanaged apps can transfer data to and from managed apps. Your IT must trust the unmanaged apps that you include in the exception list.
New apps that appear without your knowledge, strange messages or notifications, and a slower-running device are also potential signs. Overheating, increased data usage, unusual noises during calls, and difficulties in shutting down the phone could also indicate tracking.
Device Location History: Beyond just knowing where a device is now, MDM tools can track where it's been. This historical data can be invaluable, offering insights into usage patterns, identifying potential security risks, and helping recover lost or stolen devices by retracing their movements.
Right after enrollment, a Windows 10 device checks policies and settings every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours. An already enrolled device checks Intune settings every 8 hours.
By default, Intune devices check in every 8 hours, and the Last check-in value in the Intune portal also updates every 8 hours. If the Last check-in value is more than 24 hours old, there may be an issue with the device.
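The check-in cadence and the 24-hour rule described above, as an added Python example (not part of the original page and not Microsoft code): it lists the check-ins expected after enrollment and flags devices whose last check-in is stale. The device names, timestamps and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Cadence as stated in the text above (Windows 10, right after enrollment):
# (interval between check-ins, length of that phase).
ENROLL_PHASES = [(timedelta(minutes=3), timedelta(minutes=15)),
                 (timedelta(minutes=15), timedelta(hours=2))]
STEADY_INTERVAL = timedelta(hours=8)   # default cycle for enrolled devices
STALE_AFTER = timedelta(hours=24)      # age at which the text says to suspect an issue

def expected_checkins(enrolled_at, until):
    """Check-in times expected between enrollment and `until`."""
    times, t = [], enrolled_at
    for interval, duration in ENROLL_PHASES:
        phase_end = t + duration
        while t + interval <= min(phase_end, until):
            t += interval
            times.append(t)
        t = phase_end
    while t + STEADY_INTERVAL <= until:
        t += STEADY_INTERVAL
        times.append(t)
    return times

def triage(devices, now):
    """Flag devices whose last check-in is older than STALE_AFTER."""
    report = []
    for name, last_checkin in devices:
        age = now - datetime.fromisoformat(last_checkin)
        report.append({"device": name,
                       "hours_since_checkin": round(age / timedelta(hours=1), 1),
                       "cycles_elapsed": age // STEADY_INTERVAL,
                       "stale": age > STALE_AFTER})
    return report

# Constructed sample data (hypothetical devices, not from the page).
SAMPLE_DEVICES = [("LAPTOP-A", "2024-05-02T07:30:00+00:00"),
                  ("LAPTOP-B", "2024-05-01T21:00:00+00:00"),
                  ("TABLET-C", "2024-04-30T10:00:00+00:00")]
SAMPLE_NOW = datetime.fromisoformat("2024-05-02T12:00:00+00:00")

if __name__ == "__main__":
    for row in triage(SAMPLE_DEVICES, SAMPLE_NOW):
        print(row)
    enrolled = datetime.fromisoformat("2024-05-01T08:00:00+00:00")
    for t in expected_checkins(enrolled, enrolled + timedelta(hours=24)):
        print(t.isoformat())
```
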
If you want to stop taking screenshots on the entire device, you can block the feature at the device level using the Intune device restriction policy. If you want to block screen capture on specific apps like Outlook, etc., you can prevent the feature using an app protection policy.
Device enrollment is not required even though the Company Portal app is always required. For Mobile Application Management (MAM), the end user just needs to have the Company Portal app installed on the device.
Intune also enables administrators to enforce data protection and compliance through device configuration and compliance policies. These policies allow for the fine-tuning of device settings, authentication methods, VPN configurations, software updates, and security baselines.
You can protect access and data on organization-owned devices and users' personal devices. Intune also has compliance and reporting features that support the Zero Trust security model.
Go to PC Settings > Network > Workplace. Under Workplace Join, select Leave. Under Turn on device management, select Turn off. On the popup window that opens, select Turn off.
For security purposes, Intune maintains audit logs for user and device actions for one year. These logs are automatically deleted after the one-year retention period. To review audit logs, see Audit logs for Intune activities. Admins can't delete audit logs.
Your organization can't see your personal information when you enroll a device in Microsoft Intune. Enrolling your device makes certain information, such as device model and serial number, visible to IT administrators and support people with administrator access.
There are several types of logs that Intune provides: Audit Logs: These logs track and monitor activities such as policy changes, device enrollment, and app management. They provide a record of actions taken by users and administrators, offering insights into who did what and when.
When you use the Locate device action for an Android Enterprise dedicated device that is off-line and unable to respond with its current location, Intune attempts to display its last known location. This capability uses data submitted by the device when it checks in with Intune.
Introduction: My name is Greg Kuvalis, I am a witty, spotless, beautiful, charming, delightful, thankful, beautiful person who loves writing and wants to share my knowledge and understanding with you.