What is the corporate mobile device and service plan reimbursement policy in your organization? Does your company reimburse employees for cell phone devices and monthly service plans? How do you determine who is entitled to a corporate mobile device reimbursement? Does IT own the administration of the issuance of mobile devices and/or plans or have you outsourced it to a third-party service provider?

1k views7 Upvotes3 Comments

Head of Transformation in Government, 501 - 1,000 employees
I've got a strong view on this and I hope I don't offend. There's another post of mine from a few years back arguing the same.
Everyone has a phone (if not, that is an eccentric). Most people have unlimited or high capacity data plans. wifi is everywhere. Giving a phone to an employee for work is akin to handing out yet another usb key at a fair. Why do I want two devices when my main device is always in my hand and manages all of my identities for all of my roles in the cloud (from online banking to tiktok). Security should be security by design deep in the application layers and not dependent on defeatable COPE cloud access devices. Wait, you have now transitioned everything to the cloud, right? The debate on COPE vs BYOD and reimbursement schemes is an end of 20th century debate that doesn't make much sense in a cloud first, mobile-ubiquitous, digital native majority world. 
We threw out these reimbursement schemes and collected phones sometime ago, keeping exceptions only for selected VIPs from a certain generation. Most people want to access everything from their primary cloud device, and not be limited in accessing all of their roles and all of the data for all of those roles. And that is how, imho, one enables agility, productivity and engagement.
Director of IT in Government, 1,001 - 5,000 employees
We have both in play today, some users are reimbursed for their phones at a flat rate, we also have company owned devices that some people get at their request, and others that choose to use their personal devices at their own cost.  IT does own the company-issued devices.

The model that we go with is fairly simple, if you are or have to be on call as a part of your role you are eligible for the stipend for a cellphone.  If performing company business and are public/customer (public records plays a part in this) facing you are eligible to receive a company device if you choose. 

I agree with Paul to a degree, most every has a phone and most do not want 2 phones.  Where Paul and I begin to differ is around the expectation of use of that phone and what requirements are necessary for the company to use my cell phone (Security profiles, administrative settings, access to my personal data, public records requests).  Like many I pay 100$ a month for my cell service (yes there are cheaper options out there, but I like the service I get) I support a flat stipend for those that are required to be on call, after all this is my personal device that I paid 1000$ for and an additional 1200$ a year.  I think the choice is key giving everyone the option to decide are they willing to adhere to the requirements and use their personal device if yes then honor their investment into the service and device they pay for that the company does not have to shoulder.  If no and availability is key then supply a device for them.  There is a lot of nuance in this question and roles matter, expectations of use matter.  If its hey we need you to install an app so you can get pages from our system I think that is a different conversation and use case, vs. hey you need to respond from your mobile device and work.
1 Reply
Head of Transformation in Government, 501 - 1,000 employees

Every company differs. And Chad probably has good reason to have access to corporate services via personal phone restricted to corporate invasion of personal mobile cloud-access devices. But it is not the only option. We ended up removing all mobile management software, and administrative control of people's profiles. We shifted all of our services to public cloud saas and use dual factor authentication, access profiling and analytics and zero-trust policies to ensure security. How does Google protect their security by allowing you to access services via a phone? That's exactly how corporations should be doing it. There are a number of very good post in this community on zero-trust and a hot debate around mobile phones in a number of threads from about 3 years ago.

It is annoying sometimes of course, continuous authentication and passwordless systems can be a pain when the machine wants me to authenticate because I've changed location or IP, or activated my VPN, or switched rapidly between private and corporate Microsoft services, but it's a lot less annoying than the control over my personal device or defeating the purpose of mobile by carrying two phones. 

Content you might like

Physical Access Control28%

Regulatory & Compliance61%

Maintenance & Updates10%




Agile methodology57%

Waterfall methodology38%

DevOps methodology5%



CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
42.2k views131 Upvotes319 Comments