Installing Teams on my personal device without company enrollment?
April 7, 2024 10:17 PM Subscribe
I'm in a desperate situation, our security team has a model where we can't install anything without permission now and a bill code (OSS or not). I cannot access any files out of my "One Drive," I can't access Terminal, can't run scripts and all kinds of programs that worked before (WSL) suddenly stopped. I can't access any web portals (Sharepoint, etc.) outside my work computer. Websites are now being randomly blacklisted. I tried eanrolling my Mac similar to my iPhone but I got to the company portal and the site has been down. My request has been in over a year. I don't care if it is a hack, I need a somewhat reliable way to transfer files (nothing confidential to the company). RClone, somehow hooking up a Raspberry Pi to the ethernet?
I can go on and on, and yes I'm actively looking for a new place. Others in my position will copy/paste files to GitHub or a cloud provider that's not blocked ... yet. I don't care if there's a hack out there or whatever but this is increasingly not viable as random stuff gets blocked all the time.
There's a wink wink, get it done attitude. This was precipitated because our offshore team were doing two jobs and instead of firing them they chose to lock everything down.
I just want to transfer files seamlessly and ideally use one computer for my Outlook and Teams. I don't care if there's a hack out there. My work laptop is no longer viable, it takes two days for a request for a program or whatever site I need unblocked to be made then another week to get it working with a 50/50 chance they understood the request. I need things done immediately, but I'm in a unique position.
Other shady or at least things I've never seen before: sales opportunities which won't be paid for unless it's paid for by the client, including room and board and dinner. Technically there's a request that can be made but I have to request expected total contract value, it has to go through several committees, they derive a price I can spend and it comes way low and takes up to 6 months to process. People just pay for stuff themselves.
I'm absolutely not stealing proprietary data I'm running a program to determine what needs to be done or what questions I need to ask. Sometimes it involves making graphics in Photoshop (we are told to use MS Paint). If I need to copy text I take a photo on my.phone and OCR it like others do.
This is a giant company that's apparently in software development.
I'd hack it but I can't figure out how or what to google on, the company enrollment page is constantly down, there's a ton of security loopholes. They don't take security seriously they install and half-ass configure it.
I can go on and on, and yes I'm actively looking for a new place. Others in my position will copy/paste files to GitHub or a cloud provider that's not blocked ... yet. I don't care if there's a hack out there or whatever but this is increasingly not viable as random stuff gets blocked all the time.
There's a wink wink, get it done attitude. This was precipitated because our offshore team were doing two jobs and instead of firing them they chose to lock everything down.
I just want to transfer files seamlessly and ideally use one computer for my Outlook and Teams. I don't care if there's a hack out there. My work laptop is no longer viable, it takes two days for a request for a program or whatever site I need unblocked to be made then another week to get it working with a 50/50 chance they understood the request. I need things done immediately, but I'm in a unique position.
Other shady or at least things I've never seen before: sales opportunities which won't be paid for unless it's paid for by the client, including room and board and dinner. Technically there's a request that can be made but I have to request expected total contract value, it has to go through several committees, they derive a price I can spend and it comes way low and takes up to 6 months to process. People just pay for stuff themselves.
I'm absolutely not stealing proprietary data I'm running a program to determine what needs to be done or what questions I need to ask. Sometimes it involves making graphics in Photoshop (we are told to use MS Paint). If I need to copy text I take a photo on my.phone and OCR it like others do.
This is a giant company that's apparently in software development.
I'd hack it but I can't figure out how or what to google on, the company enrollment page is constantly down, there's a ton of security loopholes. They don't take security seriously they install and half-ass configure it.
If I am reading this correctly, your job has put so many technical blocks in place that you're unable to access any of the tools on which you do your work?
Does your boss know? What do they say? Not wink wink. What actionable steps has your boss provided so that you have access to work? Engage your boss in this.
If I were in your shoes I would tell my boss, then do only what was possible to do from my work machine with no additional steps. Don't take on this desperation for your company, let them panic. Someone gives you a hard time about your productivity? Cool: "please provide me the concrete, actionable steps I can take to regain access to [tool]." (Document all of this.)
Use all your extra time not flailing in desperation to find a new job.
posted by phunniemee at 4:41 AM on April 8 [17 favorites]
Does your boss know? What do they say? Not wink wink. What actionable steps has your boss provided so that you have access to work? Engage your boss in this.
If I were in your shoes I would tell my boss, then do only what was possible to do from my work machine with no additional steps. Don't take on this desperation for your company, let them panic. Someone gives you a hard time about your productivity? Cool: "please provide me the concrete, actionable steps I can take to regain access to [tool]." (Document all of this.)
Use all your extra time not flailing in desperation to find a new job.
posted by phunniemee at 4:41 AM on April 8 [17 favorites]
I agree with phunniemee. This not your problem, this is a management problem.
posted by mhoye at 5:04 AM on April 8 [4 favorites]
posted by mhoye at 5:04 AM on April 8 [4 favorites]
Is the question how to access Teams and SharePoint resources (maybe just file) from your personal computer without permission of the company?
posted by Winnie the Proust at 5:11 AM on April 8 [1 favorite]
posted by Winnie the Proust at 5:11 AM on April 8 [1 favorite]
I cannot access any files out of my "One Drive," ... I need a somewhat reliable way to transfer files (nothing confidential to the company).
So you have personal, non-company files on your company's system and you want them back? Probably not going to happen. The company has no reason to cooperate because your files did not belong there in the first place. Happened to a friend of mine who used company email for personal correspondence and file storage for years and then -- surprise! -- there was no way to transfer it off the company servers.
You tried to connect your Mac and iPhone to the company system, and you're thinking of trying a Raspberry Pi? It seems unlikely that your company system would allow you to connect these unauthorized computers.
It's really hard to understand what has happened at the company, and what you're asking.
posted by JimN2TAW at 7:15 AM on April 8 [9 favorites]
So you have personal, non-company files on your company's system and you want them back? Probably not going to happen. The company has no reason to cooperate because your files did not belong there in the first place. Happened to a friend of mine who used company email for personal correspondence and file storage for years and then -- surprise! -- there was no way to transfer it off the company servers.
You tried to connect your Mac and iPhone to the company system, and you're thinking of trying a Raspberry Pi? It seems unlikely that your company system would allow you to connect these unauthorized computers.
It's really hard to understand what has happened at the company, and what you're asking.
posted by JimN2TAW at 7:15 AM on April 8 [9 favorites]
Based on the mention of sales trips, I wonder if this is a commission-based compensation structure where the OP is the one not making money if deals aren't closed? Like if it's a dog-eat-dog kind of sales structure maybe the ones with the wink-wink workarounds and willingness to self-fund trips close enough deals that the company is happy? I don't think we can assume that malicious compliance will really work for the OP. (If I'm wrong, OP, and you can get paid while doing exactly and only what you are allowed to do, do that.)
Regardless I also agree with the others that there's not some magical way to get files from one computer to the other if the company is blocking all the obvious ones, and if you can't get your work done solely on the company computer (because they won't install the programs you need?) then there is no real option other than to spend your time finding a new job instead of spending your time trying to find workarounds.
posted by misskaz at 7:21 AM on April 8
Regardless I also agree with the others that there's not some magical way to get files from one computer to the other if the company is blocking all the obvious ones, and if you can't get your work done solely on the company computer (because they won't install the programs you need?) then there is no real option other than to spend your time finding a new job instead of spending your time trying to find workarounds.
posted by misskaz at 7:21 AM on April 8
We have secure thumb drives that we sign out and can use to transfer large files back and forth from other non-work machines. Ask your tech support if there are approved external drives you can get on loan. I email myself a lot of personal files back and forth, but nothing work related. If GitHub is allowed, that’s going to be your easiest stable method and it’s not difficult to learn to use.
posted by dorothyisunderwood at 8:08 AM on April 8
posted by dorothyisunderwood at 8:08 AM on April 8
Also teams in a corporate setting will absolutely not cooperate with someone else’s teams. It’s designed to silo data for corporate security and end users cannot easily override that within a corporate setting. That is an absolute dead end.
posted by dorothyisunderwood at 8:09 AM on April 8 [2 favorites]
posted by dorothyisunderwood at 8:09 AM on April 8 [2 favorites]
Can you use the online versions of OneDrive or Teams on your own device?
https://teams.microsoft.com/
https://teams.microsoft.com/v2/
https://onedrive.live.com/
posted by TheophileEscargot at 11:18 AM on April 8
https://teams.microsoft.com/
https://teams.microsoft.com/v2/
https://onedrive.live.com/
posted by TheophileEscargot at 11:18 AM on April 8
Personally, I'd say don't do it, or they can accuse you of hacking.
I'd say start complaining to your boss, and ask should you get another device to get things done, or just say "I can't do my job like this".
posted by kschang at 2:09 PM on April 8
I'd say start complaining to your boss, and ask should you get another device to get things done, or just say "I can't do my job like this".
posted by kschang at 2:09 PM on April 8
Late to the thread but there are definitely things that can be done that prevent you from using your corporate account with Microsoft Teams on random computers and phones and tablets. My company's policy is "Our company's work should be performed on company owned devices" and we take technological steps to enforce this policy.
This is very much a politely complain to your management and their management that you do not have the resources needed to perform the job that they want you to perform.
posted by mmascolino at 12:30 PM on April 12
This is very much a politely complain to your management and their management that you do not have the resources needed to perform the job that they want you to perform.
posted by mmascolino at 12:30 PM on April 12
Well the odd thing is that per MSFT documentation I have access to the Graph API, so I'm on a Conditional Access (I think that's the name?) device, running PowerShell scripts to do what I could manually. The way I understand it is that Intunes acts as a tunnel, looks at the certificate installed on the machine, the application you're trying to access and whether or not that has a token or can be given a token. On top of that they have additional non-Entra Id software blocking stuff (formally known as AAD before Entra ID).
But I was previously using my credentials to access the Azure GraphQL to do what I needed on the company issued machine but someone noticed I was accessing the GraphQL through Powershell which required a separate AppID (?) that has not been setup to issue me a proper token. Again, I can and still do this manually through Teams. My idea was to avoid this and take non-company secret data move it off into my oddly more secure homelab as anyone with a real knowledge of security knows a poorly managed tool is way more susceptible then knowing about Yubikey and pkcs11, though I will admit I'm not a security expert and everything is susceptible to a data breach.
But we weren't talking about 100TB of historical sales data but NDAs I probably could just ask HR to send them to me if they still existed or moving my bash scripts to a machine to run them that yes, do take data, but have been anonymized. In fact I would have refused to work on any production data that would not have been anonymized to the point I would have brought it up the chain and/or quit. I know people who do things much more unethical (recording turned off for Teams calls and they record it with a webcam basically). Or take screenshots on their phone to basically OCR long documents then copy it back to their computer.
But what other people do is not what I was trying to do. The fact they have to use multiple programs because O365 isn't compliant enough tells you a lot, and even through all that they aren't setup right in the first place. When genuinely thinking I was doing something good like scaffolding projects on my company computer and received recognition for it, it got the lock down anything and then give me a million loopholes to jump through that ends up with basically asking for a budget which they know I don't have because the purpose is to justify a budget.
This lead to them uncovering the two job thing, and we got even more locked down. Developers who can't use Docker, etc. We aren't a bank they just don't want to support anything outside of what I'd describe a Chromebook type environment. They want us to use client laptops, but I do research so I'm in a touch spot.
In some irony the people I raised this up to (executives) are NOT locked down so they don't understand any issues. The ones who can access confidential data are the ones who are annoyed and tell IT to take their restrictions off.
Anyway, I've done everything "right" per their policy which is vague. They just have a bad security staff, doing two jobs.
I've been going about this a different way. I made friends with higher ups and was completely transparent about what I was doing to increase revenue which included SSH'ing to my homelab after my request for a work cluster or budget for cloud service was denied. He was flabbergasted on what I spent, I was transparent and said I couldn't do my job just reading articles I needed to see if things worked. He expressed his frustration while knowing how a large company can be. I've had some executives in writing saying what I was doing was fine and some having no idea what I was doing say no but we have to sell the product first then get budget to build it. Not end-to-end build it before a sale but just to see if it is technically feasible or determining a budget.
He's raising his concerns and was unaware that policies were arbitrarily applied especially to those who have payroll and actual sales data.
The tactic of "I need to to do this to do my job" even phrased gently did not work. I had to find someone who was smart enough technically, gain rapport, showed him progress I was making and explaining on my own budget I purchased hardware and software, erasing and bringing up the machines (containers) from scratch after the job was done, and even paid for pen testing.
Sorry for being meandering again, I was crushed on what I saw people doing (1) very unethical and illegal things possibly (2) my workflow and job success plummeting because i was being honest and transparent.
In the end it looks like building relationships and finding someone who knows you're basically being screwed by large politics is the only way to go. I could do everything by the book and it is so contradictory it is a lot easier to say no than yes.
Thanks all, I hope my long rant may help someone in the future. I understand not installing software and doing whatever is there for a reason, but without proper protocols that aren't designed to tell you no .... I was hired on as a professional and expected to be treated as one.
posted by geoff. at 9:36 AM on April 26 [1 favorite]
But I was previously using my credentials to access the Azure GraphQL to do what I needed on the company issued machine but someone noticed I was accessing the GraphQL through Powershell which required a separate AppID (?) that has not been setup to issue me a proper token. Again, I can and still do this manually through Teams. My idea was to avoid this and take non-company secret data move it off into my oddly more secure homelab as anyone with a real knowledge of security knows a poorly managed tool is way more susceptible then knowing about Yubikey and pkcs11, though I will admit I'm not a security expert and everything is susceptible to a data breach.
But we weren't talking about 100TB of historical sales data but NDAs I probably could just ask HR to send them to me if they still existed or moving my bash scripts to a machine to run them that yes, do take data, but have been anonymized. In fact I would have refused to work on any production data that would not have been anonymized to the point I would have brought it up the chain and/or quit. I know people who do things much more unethical (recording turned off for Teams calls and they record it with a webcam basically). Or take screenshots on their phone to basically OCR long documents then copy it back to their computer.
But what other people do is not what I was trying to do. The fact they have to use multiple programs because O365 isn't compliant enough tells you a lot, and even through all that they aren't setup right in the first place. When genuinely thinking I was doing something good like scaffolding projects on my company computer and received recognition for it, it got the lock down anything and then give me a million loopholes to jump through that ends up with basically asking for a budget which they know I don't have because the purpose is to justify a budget.
This lead to them uncovering the two job thing, and we got even more locked down. Developers who can't use Docker, etc. We aren't a bank they just don't want to support anything outside of what I'd describe a Chromebook type environment. They want us to use client laptops, but I do research so I'm in a touch spot.
In some irony the people I raised this up to (executives) are NOT locked down so they don't understand any issues. The ones who can access confidential data are the ones who are annoyed and tell IT to take their restrictions off.
Anyway, I've done everything "right" per their policy which is vague. They just have a bad security staff, doing two jobs.
I've been going about this a different way. I made friends with higher ups and was completely transparent about what I was doing to increase revenue which included SSH'ing to my homelab after my request for a work cluster or budget for cloud service was denied. He was flabbergasted on what I spent, I was transparent and said I couldn't do my job just reading articles I needed to see if things worked. He expressed his frustration while knowing how a large company can be. I've had some executives in writing saying what I was doing was fine and some having no idea what I was doing say no but we have to sell the product first then get budget to build it. Not end-to-end build it before a sale but just to see if it is technically feasible or determining a budget.
He's raising his concerns and was unaware that policies were arbitrarily applied especially to those who have payroll and actual sales data.
The tactic of "I need to to do this to do my job" even phrased gently did not work. I had to find someone who was smart enough technically, gain rapport, showed him progress I was making and explaining on my own budget I purchased hardware and software, erasing and bringing up the machines (containers) from scratch after the job was done, and even paid for pen testing.
Sorry for being meandering again, I was crushed on what I saw people doing (1) very unethical and illegal things possibly (2) my workflow and job success plummeting because i was being honest and transparent.
In the end it looks like building relationships and finding someone who knows you're basically being screwed by large politics is the only way to go. I could do everything by the book and it is so contradictory it is a lot easier to say no than yes.
Thanks all, I hope my long rant may help someone in the future. I understand not installing software and doing whatever is there for a reason, but without proper protocols that aren't designed to tell you no .... I was hired on as a professional and expected to be treated as one.
posted by geoff. at 9:36 AM on April 26 [1 favorite]
« Older Spouse is re-evaluating their gender identity. How... | 1st court appearance for 2 DUIs in one week. Go... Newer »
You are not logged in, either login or create an account to post comments
It sounds tough, though. Bon courage!
posted by rd45 at 11:02 PM on April 7 [5 favorites]