Ok, fair point. However, I would consider any MDM-enabled device fully "compromised" in the sense that the org can see and modify everything I do on it.

▲

p2detar 5 hours ago | parent [-]

An MDM orga cannot install a trusted CA on non-supervised (company owned) devices. By default on BYOD these are untrusted and require manual trust. It also cannot see everything on your device - certainly not your email, notes or files, or app data.

	▲	layer8 2 hours ago \| parent \| next [-]
		If it is untrusted, you also won’t have a TLS connection be established based on that CA.
	▲	somebudyelse 4 hours ago \| parent \| prev [-]
		[dead]