My company just started requiring Microsoft Intune Company Portal app to use Teams and Outlook. From a friend in IT infosec at another company said the app can push apps, require certain settings, password requirements, or OSs, and can see a lot of stuff on your phone. I don’t think this level of intrusion into my personal phone is warranted or ethical. Be warned. I’m just going to uninstall and suffer the internal political consequences.
Your line needs to be:
“It is inappropriate for me to store or access company data on my personal device. If you want me to be reachable outside of the office other than through phone or text, I will need a company device.”
This. As an IT administrator I can absolutely understand the need to adhere to certain baseline requirements for devices accessing company data. And I know my best bet to have control over that is with company supplied hardware. Not BYOD, fuck that.
Even though phone or text. If you want not then a cursory via or call, you need to provide a phone.