Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to:
- Windows
- Android
- iOS/iPadOS
- macOS
- Linux
Your organization can't see your personal information when you enroll a device in Microsoft Intune. Enrolling your device makes certain information such as device model and serial number visible to IT administrators and support people with administrator access.
- Support person: This is the person or department at your organization that you're supposed to contact if you're having problems with your device. They provide technical support for device setupenrollmentand access.
- IT administrator: IT admin for shortthis person or team of people configures the Microsoft Intune device management and enrollment settings for your organization. Some IT admins also provide technical support.
This article describes everything your organization can and can't access on an enrolled deviceand explains why certain data is made visible. To view the ownership type for an enrolled devicesign in to the Intune Company Portal app or website and go to Device Details.
Things your organization can never see
Your organization can't see:
- Calling and web browsing history
- Email and text messages
- Contacts
- Calendar
- Passwords
- Picturesincluding what's in the photos app or camera roll
- Content of user-created documents
Things your organization can always see
Your organization can always see:
- Device owner
- Device name
- Device serial number
- Device modelsuch as Google Pixel
- Device manufacturersuch as Microsoft
- Operating system and versionsuch as iOS 12.0.1
- Device IMEI
Things your organization might see
Your organization can see and access certain aspects of your device when assisting with or troubleshooting device setup. This section describes the type of information available.
Phone number
Your organization can see the full phone number of all corporate-owned devicesexcept for Android devices with a work profilewhich only show the last four digits. They can see the last four digits of a personal device's phone number.
Device storage space
If you have trouble installing a required appyour support person might look at your storage size to find out if low space is the cause.
Location
Your organization can view a lost corporate-owned device's location. They can't view a personal device's location.
If necessaryyour organization can put a missingcorporate-owned iPhone or iPad into managed lost mode. This mode lets your organization request the device location. When someone requests access to the device locationthe device locks and a message appears on the lock screen to explain what's happening. For information about supervisionwhich is another type of configuration for corporate-owned Apple devicessee Get started with a supervised iPhone or iPad in the Apple support docs.
App inventory details
On corporate-owned Android devices that have a work profileyour organization can only see the apps installed in the work profile. For all other corporate-owned devicesthey see all installed apps.
On personal devicesyour organization can see the managed app inventorywhich includes work and school apps. Some configurations allow organizations to see more than just the managed app inventory on a personal device. To learn more about the information your organization collectscontact your IT admin.
Note
An app is considered a managed app when it's installed in one of the following ways:
- You install it from the Company Portal app after your organization makes it available to you.
- Your organization requires you to have a certain app for work and school and automatically installs it on the device upon enrollment.
App permissions
Note
This information applies to devices running Android 11 and earlier.
An IT admin can grant permission to apps in the work profileboth manually and by automation. The IT admin does this to reduce the number of prompts you receive. The permissions could be for things like the cameramicrophoneand location. If your device is running Android 11you receive a push notification when someone grants permission to an app.
Network information
Some information about network connections for Android devices may be available to your organization. For exampleif your organization requires devices to remain within a certain buildingyour device would identify the network where it's connected.
Additional device details
Your organization can query these details about a corporate-owned Windows device.
- Hardware and operating system environment information
- Installed certificate details
- File paths and file names
- Operating system user and group information
- Registry and event log entries
- Details about running processes
For more informationsee Device Query.