End-user privacy is a major concern for you and your users. Workspace ONE UEM provides granular control over what data is collected from users and what collected data is viewable by admins.

Configure the privacy settings to serve both your users and your business needs.

  1. Navigate to Devices > Device Settings > Devices & Users > General > Privacy.
  2. Select the appropriate setting for GPS, Telecom, Applications, Profiles, and Network data collection.

    • Collect and Display – User data is collected and displayed in the UEM console.
    • Collect Do Not Display – User data is collected for use in reports but is not displayed in the UEM console.
    • Do Not Collect – User data is not collected and therefore it is not displayed.
  3. Select the appropriate setting for the Commands that can be performed on devices.

    • Allow – The command runs on devices without permission from the user.
    • Allow With User Permission – The command runs on devices but only with the permission of the user.
    • Prevent – The command does not run on devices.

    Consider disabling all remote commands for employee-owned devices, especially full wipe. This disablement prevents inadvertent deletion or wiping of an end user's personal content.

    If you disable the wipe function for select iOS ownership types, users do not see the "Erase all content and settings" permission during enrollment.

    If you are going to allow remote control, file manager, or registry manager access for Android/Windows Rugged devices, consider using the Allow With User Permission option. This option requires the end user to consent to admin access on their device through a message prompt before the action is performed. If you opt to allow use of any commands, explicitly mention these commands in your terms of use agreement.

  4. For User Information, select Display or Do Not Display in the Console for the First Name, Last Name, Phone Number, Email Accounts, and user name data.

    If an option other than user name is set to Do Not Display, that data displays as "Private" wherever it appears in the UEM console. Options you set to Do Not Display are not searchable in the console. When a user name is set to Do Not Display, the user name displays as "Private" only on the Device List View and Device Details pages. All other pages in the UEM console show the user name of the enrolled user.

    You can encrypt personally identifiable information, including first name, last name, email address, and telephone number. Navigate to Groups & Settings > All Settings > System > Security > Data Security from the Global or Customer-level organization group you want to configure encryption for. Enable encryption, select which user data to encrypt, and select Save to encrypt the user data. Doing so limits some features in the UEM console, such as search, sort, and filter.

  5. Select whether to Enable or Disable the Do Not Disturb Mode on the device. This setting lets user devices ignore MDM commands for a specified period. When Enabled, you can select a grace period or activation time in minutes, hours, or days, after which the Do Not Disturb Mode expires.

    For more information about using Do Not Disturb Mode, see the following VMware Knowledge Base article: https://support.air-watch.com/articles/115001662448.

  6. Select to Enable or Disable the User-Friendly Privacy Notice on the device.

    • When Enabled, you may choose Yes (display a privacy notice) or No (do not display a privacy notice) for each ownership level: Employee Owned, Corporate - Dedicated, Corporate - Shared, and Unknown.
  7. Click Save. You must enter your PIN to save the changes. Click Save.

For more information about applying a Bring Your Own Device solution, see Introduction to BYOD.