Originally Posted by hdawg
I would think this onus would be on the party adding the account to the BES, no?
In this instance the user has a company issued BB and states above that an enterprise activation username and password has been used several times for troubleshooting. So in theory a user calls up IT and requests their enterprise username + pwd, there is a known history of using this as a reset method, so IT give the password out. Next thing they know, IT see an "unknown" device on BES.
Depending on the IT Policy and AUP of the organisation, it could well be a breach. For example our users are not allowed to connect, or attempt to connect, any device or media to a corporate system where the device or media has not been issued or authorised by IT.
Truth be told, if one of my users requested enterprise activation passwords and did not make it clear it was for a 3rd party owned device, I would report them for breach of security policy...