Ambitious is contagious » User’s Privacy and Remote Actions on Fully Managed Mobile Devices

In my environment, mobile devices are enrolled in Microsoft Intune as fully managed devices. This gives the IT team strong control over corporate data, including the ability to remotely locate a device or wipe it when necessary.

However, even with full management, user privacy must always be respected.

When a Device Is Lost

If a user confirms that their mobile phone has been lost or stolen, Intune provides two quick remote actions.

Locate Device

When an administrator uses Locate device:

Intune determines the approximate location within a few seconds.
The user receives a notification informing them that the administrator is locating the device.
This transparency is intentional and required — users must always know when their location is being accessed.

This is an important privacy safeguard built into Microsoft Intune.

Wipe (Factory Reset)

If the device still has cellular data or Wi-Fi enabled, a remote wipe:

Starts within about 40 seconds,
Requires no on-device confirmation,
Immediately reboots the phone, and begins erasing all data.

Why Privacy Matters

Even on a fully managed corporate device, administrators cannot force location services or require cellular data to remain enabled at all times.
This is by design.
Despite being corporate-owned, a mobile phone is still carried by a real person every day. Forcing permanent location tracking or always-on connectivity would create unnecessary privacy risks and erode trust between the organization and the user.
Modern mobility management should protect both:

Corporate data, and
The user’s privacy.

Microsoft Intune follows this principle strictly.

Conclusion

It is not possible — nor recommended — to enforce continuously enabled location services or cellular data through Microsoft Intune.
Intune provides powerful remote actions when a device is lost, but it also ensures that user privacy is always respected.