It appears personal devices were also impacted by this via Microsoft Intune. That app is presented to employees as a way to get their email/Slack on their personal device without giving IT systems access to it.
IT systems around the country say that they have no access to your personal data and that they can only block access to Intune apps.
But the linked Reddit thread[1] in this article notes personal devices getting wiped and locked out.
[1]: https://www.reddit.com/r/cybersecurity/comments/1rqopq0/stry...
Knowing Intune MDM setup, it has two modes: control a few apps or control the entire phone. iOS will tell you during setup what's happening, and I've been at plenty of companies where employees are told "It's just for our apps" but it's really full Device Control. $TwoCompaniesAgo tried that "It's just for our applications" but when I went to install it, iOS went "This is 100% full device control" and I rejected it.
MDM enrollment has colloquially meant your device could be wiped for the security|incompetency of your firm for quite some time.
Bring Your Own Device (BYOD) MDM profiles typically don't allow personal data access outside of their sandbox, but they almost always include remote wipe capabilities.
iOS at least displays a very clear warning when you import the profile telling you exactly what it can do.
Not that this isn't awful, but it's good to be clear on what this can do when used within normal expectations.