Privacy Configuration

A privacy configuration defines whether:

  • location data is collected on the device and sent to the device management system
  • administrators are allowed to wipe the device
  • app inventory is collected for all apps or just those that appear in the app catalog

Privacy settings

Device Wipe action and collecting Inventory for all apps on device is not applicable for User Enrolled devices.

Setting

What To Do

Name

Enter a name that identifies this configuration.

Description

Enter a description that clarifies the purpose of this configuration.

Collect Location Data

Select to enable the collection of location data. View device location in the Devices page.

  • For iOS devices, the location displayed for a device is based on the network location only.
  • F or Android devices, the location is based on both network location and GPS location (if available).
  • For Windows devices, the location is based on the latitude and longitude values obtained during a device checkin.

When location collection is enabled on a device, the current location is updated every 4 hours. Location data is removed from the device management system when the device is retired or the privacy configuration is disabled or removed.

Device users can turn off collection of location data on the device.

Disable Device Wipe Action

Select to prevent administrators from wiping the device. Consider selecting this option for devices that are owned by the user (employee owned).

Prompt user to enable location services

Select to allow the users to optionally enable the ability to allow or disallow the use of location services including locating the devices, Wi-Fi and MTD, as needed. In the case of fully managed devices, this can be auto granted if the administrator chooses to disable the option.

Collect App Inventory

Select Collect App Inventory to collect information on all apps installed on the device, regardless of whether an app is present in the app catalog. 

Select For Apps on the Device that are in the App Catalog to collect information on only those apps installed on the device and present in the app catalog.

Select For All Apps on the Device to collect information on all apps on the device. This option is applicable to Windows 10+ devices. The following app source type inventories are displayed and selected by default.

  • Enable Non App Store Inventory - for In house apps(Universal apps) pushed through MDM or installed by end-user directly on device by manually unpacking the app and installing it locally.
  • Enable App Store Inventory - for the apps installed from Microsoft Store manually or via Apps@work store-front.
  • Enable System Inventory - for the apps reported as pre-installed along with Windows 10 OS by Microsoft.
  • Enable Win32 inventory - for the system 32 based apps like apps like MSI, EXE, Win32 Store apps, and so on that are installed by pushing through MDM or installed directly on device by the end-user.
    You can optionally select only those app source type inventories to collect information on selective apps.

    MDM-installed apps appear in the App Inventory, even if you don't select Non App Store or Win32 app inventory.

    The.EXEs inventory is also collected when the Privacy configuration is using the default configuration to collect App Inventory only for AppCatalog. The inventory must be collected consistently for all apps when collecting only for the AppCatalog apps.

    The inventory for Modern, MSI, and EXE apps available in the App Catalog; will be pulled only when at least one app belonging to each of these variants is distributed.

Settings for Android Enterprise devices (7.0+)

Configure the settings given below to set the privacy policy to Android Enterprise devices.

Organization name

Enter the name of the organization managing the device.

Organization color

Select the organization color that should be displayed in the background of the user's screen.

Short message

Enter a short message that should be displayed when the user attempts to use a function that is locked down by the administrator.

Long message

Enter the long message that should be displayed when the user clicks on the short message. This message provides more details on the restriction given to the user.

For more information, see How to create a configuration