The Australian Taxation Office has launched a whole-of-agency tech crackdown on social media platform TikTok and other potentially rogue applications carried on employee-owned devices that are used also for work communications.
Tax last week formally told its around 20,000 employees it was changing course on its Mobile Device Management (MDM) policy, which is used to directly control ATO-owned smartphones and tablets but also sets parameters for employee-owned hardware authorised for some communications and productivity applications, such as email and Microsoft Teams.
The software can also ‘brick’, or permanently disable, handsets in case they are stolen or compromised.
Tax staff have been told the agency plans to “transition from Workspace One to Microsoft Intune (Intune)” and that access from non-enrolled bring-your-own-device (BYOD) will be limited as part of the tightening and upgrade, including staff on agency-issued devices being restricted to Outlook and access to clients like Apple Mail or VMware Boxer being cut.
“Intune is being implemented following a mandatory directive from the Attorney General’s Department, made under the Australian Government’s Protective Security Policy Framework.
“The directive focused on the security risks posed by the TikTok application,” the ATO said in the allstaff update co-signed by Justine Pammenter and Joda Walter, both acting assistant commissioners for Enterprise Solutions and Technology.
“Intune builds on the measures taken since the mandatory directive was issued, ensuring ATO data accessible from mobile devices cannot be accessed by unapproved applications.”
The government-wide ban on TikTok was issued by Attorney Generals in April 2023 and explicitly states that: “Entities must prevent installation and remove existing instances of the TikTok application on government devices unless a legitimate business reason exists which necessitates the installation or ongoing presence of the application.”
Tax has also had major issues with TikTok being used to propel first-person GST fraud scams that have cost taxpayers billions and were the target of Operation Protego.
“TikTok is currently blocked by a range of procedural and technical controls. These will be maintained and enhanced,” a Tax spokesperson told The Mandarin.
Under the proposed new MDM implementation approach, which is officially now out for consultation, Intune is to be loaded onto all ATO‑issued iPhones and iPads “and devices enrolled in the BYOD program at the same time employees are migrated to Exchange Online (EXO).”
Tax said “EXO migrations are occurring in weekly waves on weekends” and that employees would lose access to ATO data the devices being over that weekend.
“The rollout of Intune, aligned to EXO migration, is expected to occur between late November and mid‑December,” Tax said.
The Microsoft-led crackdown on ATO-owned mobiles used for work will also disable an array of functions when staff are “signed into M365 applications like Teams and Outlook using your ATO credentials”.
“ATO controls will apply — including restricting copying and pasting content from Teams outside of the application, and taking screenshots,” Tax said.
Staff on BYOD devices have been told “you’ll be able to use Teams and Webex applications on your personal mobile device but the features you can access will be limited.”
“For example, you’ll only be able to join Teams and Webex meetings as an external meeting participant or by using dial-in meeting details. With Teams, you can participate in meeting chats during the meeting, but won’t be able to use the chat once the meeting has ended,” Tax said.
The shift to Microsoft Intune will also prompt ATO staff to re-enrol their devices in the popular BYOD program, with Tax telling employees they “need to ensure your device meets the eligibility criteria and accept the BYOD agreement.”
An ATO spokesperson told The Mandarin that “applications may not be approved for general use for a variety of reasons. For example, they may be in contravention of workplace HR policies (gambling, inappropriate content etc.).
“Some of these other applications may be requested through an exemption if they have legitimate work purposes.”
The ATP confirmed, “ATO BYOD users will not be able to access TikTok from their devices enrolled in the ATO BYOD service.”
The ATO said the agency’s BYOD service was reviewed “as required when circumstances affecting the service change” and that “it is not presently under review but may change if associated circumstances change.”
The Apple iPhone and iPad are the BYOD devices of choice for Tax and the wider APS because Apple’s “walled garden” approach to its AppStore strongly vets any applications made available to users.
Mobile device management has had a circuitous history in the public service.
Ironically, Apple was initially not the first choice of standard issue mobile device for the APS when the Australian Government Information Management Office (AGIMO) started setting rules and standards almost 20 years ago, with the Blackberry initial to go-to government, corporate and OG choice.
When touch-screen smartphones hit in earnest after 2010, AGIMO had a crack at pushing Microsoft Windows smartphones to politicians and public servants, frustrating many in the process, with the erstwhile operating system’s notorious clunkiness.
In 2014, consumer-obsessed Apple effectively gave up on the enterprise and government segment of its mobile business, outsourcing and licensing it to IBM to manage as a value-added reseller.
Ten years later Microsoft has finally found a way to wrestle back control of the government mobile market via its workplace security solutions and institutional fear of state-sponsored social media, probably not the road to market Redmond had first mapped out for its mobile computing strategy.
READ MORE:
ATO hits the asset trail to recover a billion in Protego fraud losses
