Intune on personal phone - VPN usage

Hi all,

Random one here, but to install apps like Teams/Outlook etc. on our personal devices we are required to download via the Company Portal with Intune.

It's all set up just for personal devices (not company issued).

Over the last few days I've been using VPNs on my phone to download some games/redeem codes. Our work has a quite strict no VPN usage when accessing company data. I haven't accessed any work apps/info etc. while connected to the VPN - will Intune flag up that a VPN has been utilised etc?!

Yes, if those apps tried to do a login while the VPN was active. Tell work to shove it and issue you a business phone if they want you available on a mobile.

I mean, yeah, they might get an alert based on you signing into a work account while on a VPN. They might even have their security set up so that it automatically locks your account if it gets flagged for “impossible travel” (signing in from one IP location, then another on the other side of the world in a matter of minutes).

I know others here are just telling you to tell them to shove it up their ass, but it isn’t that easy. If you signed an acceptable use policy with a no-VPN clause, they could very well tell you to shove it. If they force you to BYOD, a lot of times, they give a stipend of some sort to cover that. Still, even if they don’t, if it is part of a policy that you signed at hiring, there isn’t much you can do.
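The "impossible travel" check mentioned above, as an added example that is not part of the original thread and not Microsoft's actual detection logic: it flags consecutive sign-ins by one user whose implied travel speed exceeds a threshold. The sign-in records, coordinates (standing in for a GeoIP lookup) and the thresholds `max_kmh` and `min_km` are constructed assumptions.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sign-in records: (user, UTC timestamp, source IP, lat, lon).
# IPs come from documentation ranges; lat/lon stand in for a GeoIP lookup.
SIGNINS = [
    ("alice", "2024-05-01T08:00:00", "198.51.100.10", 51.5074, -0.1278),  # London
    ("alice", "2024-05-01T08:12:00", "203.0.113.77", 35.6762, 139.6503),  # Tokyo exit node
    ("alice", "2024-05-01T22:30:00", "198.51.100.10", 51.5074, -0.1278),  # London
    ("bob", "2024-05-01T09:00:00", "192.0.2.5", 48.8566, 2.3522),         # Paris
    ("bob", "2024-05-01T12:00:00", "192.0.2.90", 51.5074, -0.1278),       # London
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(signins, max_kmh=900.0, min_km=500.0):
    """Return alerts for consecutive sign-ins implying a speed above max_kmh.

    min_km suppresses noise from nearby locations, where GeoIP data is imprecise.
    """
    by_user = {}
    for user, ts, ip, lat, lon in signins:
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), ip, lat, lon))
    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e[0])  # compare sign-ins in time order
        for prev, cur in zip(events, events[1:]):
            km = haversine_km(prev[2], prev[3], cur[2], cur[3])
            if km < min_km:
                continue
            hours = (cur[0] - prev[0]).total_seconds() / 3600
            speed = float("inf") if hours == 0 else km / hours
            if speed > max_kmh:
                alerts.append({"user": user, "from_ip": prev[1], "to_ip": cur[1],
                               "km": round(km), "kmh": speed})
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(SIGNINS):
        print(alert)
```

Only the London to Tokyo pair 12 minutes apart is flagged; the return to London about 14 hours later is within airliner speed, and the Paris to London pair falls under the distance floor.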

Your IT department needs to learn to use App Protection Policies and Conditional access instead of making people enroll their personal devices.

Yes it will, you’ll be flagged as a risky user. I don’t know if you can do it on iOS but on Android you can select what apps use the VPN.

Thanks all,

Just as an aside, I was logged out of all company apps (inc company portal itself) as we auto log out after 8 hours of inactivity.

Assuming as no attempt to log in was ever made while connected to the VPN it’s probably not been flagged?

We set up M365 to block access from anonymous VPNs + Tor + other stuff. I use all that on my home computer but I don’t want hackers executing an AiTM attack to be using that stuff. Our code in Defender for Cloud Apps will send an alert to the admins. I would speculate 99% or more of M365 tenants with dedicated IT staff supporting that don’t do that.

Yes, to this. Then tell them they should be using MAM instead of forcing personal device enrollment.

Yes, per-app VPN is possible on iOS also. You just need to select the Tunnel on the App Assignment.

They will still have the same VPN issue with MAM though.