Ask LH: Should I Use My Personal Laptop For Work?


This week’s question from Lifehacker reader Mike is something that many of us have had to deal with at one point in our lives: the irritating balance between technology, one’s personal life, and the demands of one’s professional life.

On to Mike’s dilemma. It’s a biggie, but it’s absolutely worth reading:

I’ll try to keep the backstory simple: At the beginning of this year, I started a new position as a contract employee for a consulting organisation. This is a virtual worldwide business so 95% of employees work from home. As a contract employee, I was required to use my own device without reimbursement (this was fine, I just recently bought a new laptop for personal use and didn’t really care to use two devices). We used Skype to communicate and SharePoint for file sharing – no big deal, everything worked fine. After my contract was complete, I was offered a permanent position (yay!) and continued with the same work structure on my personal device. All was still well functionality-wise.

Recently, my firm began an overhaul of their IT infrastructure. They recently asked us to upgrade to Windows 10 Professional, the cost of which was reimbursed. No big deal. Then, we were asked to establish a Windows 10 Enterprise profile on our laptops. This involves creating a new user account and also joining their Azure Active Directory (whatever that is…). As I was reading through the instructions to do this, I noticed some prompts that were a bit concerning. Specifically:

  • [when initially connecting to my work account] Connecting means that your work or school might control some things on this device, such as what settings you can change

  • [when joining the Azure AD] These actions will set up the device as your organisation’s and give your organisation full control over this device.

Are there any security concerns here if I continue to use my personal laptop for personal and business use? Will I be able to run both accounts or does this effectively become a work PC only? Anything else I should know or inquire about to ensure my data is safe?

I do also have the option of being issued a separate work laptop, but am intrigued by the convenience of using only one device (assuming my data will remain secure).

I completely understand your desire to keep your technological life simple, and I want to lead off with a clear and precise answer. When you use a laptop that your company controls — whether they gave it to you or they have administrator access to the operating system that powers your machine — you should assume that anything and everything you do is logged, tracked, or viewable in some fashion. Expect no privacy, and don’t do a single thing on that device that you wouldn’t be comfortable doing with your boss (or the head of HR) standing over your shoulder.

I realise that sounds a little drastic, but staying strict is the surest way to avoid any workplace problems whatsoever — as far as your gear goes. I’m not implying that you’re the kind of person who is likely to get into trouble for that sort of thing, but I also don’t want to downplay the significance of the open window your job now has into your technological life.

I don’t work in IT, and I’m not super-familiar with the nuances of enterprise setups, but I would err on the side of caution in your case. Even if you have two user accounts in Windows 10 — one for personal things and one for work things (that blasted you with scary prompts when setting it up) — I’d keep everything you’re doing on the laptop work-related going forward.

Assuming a best-case scenario, where the contents of your personal account are perfectly hidden and encrypted so nobody else can see what you’re storing in your user folders (or what you’ve downloaded to them), there are plenty of other reasons why it’s important to create this separation. You need to set a mental switch, if nothing else. This ensures that you don’t accidentally look at a site you shouldn’t, or download something you didn’t mean to, when you’re on your work account instead of your personal one.

Mistakes happen. They might not even be your mistakes. I’ve had plenty of friends get hit with the dreaded “someone texted me during a work presentation and a preview popped up on my MacBook and oh God” problem. Keeping your personal accounts and data walled off from your work environment protects you from these sorts of situations, and the easiest way to do so is to use work devices for work and personal devices for everything else.

Additionally, you have no idea what’s in store for your system from your employer’s IT department. What if they push some kind of update that accidentally bricks your device, making it impossible for you to access your work and personal data? You might not miss the former as much as you’ll miss the latter, especially if you haven’t backed up your photos, movies, or documents in a while.

Additionally, why add extra wear and tear to your laptop if you don’t have to? That’s eight (or more) extra hours each day that you’re stressing your battery or running mechanical parts that might fail sooner than they otherwise would. If a company laptop breaks down, the company probably has a replacement it can give you right away — or established, easy ways to get your laptop fixed up. If your personal laptop breaks down, that’s on you. There’s no guarantee the company will pony up for repairs, or that it will even get you a new one. It’s your laptop, after all.

When you leave your job — especially if it’s an unexpected departure — IT might wipe your entire laptop without giving you a heads-up. That could be a problem for you, and it’s another great reason to not combine work and personal data on the same device.

You mention at the end of your email that you have the option to get a work-issued laptop. That might sound like an inconvenience at first, but it’s the perfect way to maintain church-and-state-like separation between your two lives. You’ll have to resist the urge to do little things for convenience, like setting up your personal Gmail account or your favourite messaging service on your work laptop. That will be annoying in some instances, but the privacy you’ll maintain is worth it. And if your personal laptop breaks for any reason, at least you’ll have a backup you can use for the basics: web searches, driving directions, a safe-for-work YouTube video to cheer you up, et cetera.

Going forward, a great way to get around this entire work/life balance issue is to tell your employer (or a future employer) that you have no technological resources whatsoever. Your smartphone? Doesn’t exist. You have a dumb T9 device. Your laptop broke and you haven’t purchased a replacement. You’ve never owned a desktop PC.

Let the company provide the resources you need to do the best work possible. Don’t volunteer your gear if you don’t have to.

This story has been updated since its original publication.


  • Or you could do the smart thing – run VMware Workstation or Fusion on your Personal computer, build the Windows 10 Guest machine inside the VMware environment – let corporate control the hell out of the VM which can join Active Directory till the cows come home, delete its contents, whatever they want. They cannot touch what is outside that VM container. 100% convenience of running your personal stuff in the non virtualised parent OS.

    • I was going to suggest something similar.

      I wouldn’t let them dictate what I had to do with my personal machine, but I’d be willing to create a VM and they can have control over that.

      Another possibility might be to make your machine dual boot. And literally install two OSes on it. Though it’s probably easier to just use the VM.

      As for the company attitude, I’d be a bit concerned about a company who required you to use a PC but expected you to provide your own. That seems really cheap. If they’re willing to exploit their workers in that way, what other ways are they going to exploit you?

  • Looks like your organisation has set up Workplace Join. There are two kinds of Azure AD connections: Device Registration and Workplace Join. Device Registration is built for BYOD scenarios such as this, and Workplace Join is for corporate-owned devices.

    Workplace Join gives the organisation full control over the device, including remote screen-scraping, file access and geolocation. You absolutely do not want to do this on a personal laptop.

    If you don’t want to splash out on a separate laptop and are reasonably tech-cluey, installing a virtual machine (using VirtualBox or Hyper-V) and joining that to your org will give you functional separation. It will also give you the benefit of being able to continue to claim your laptop as a work expense come tax time.

  • As an IT professional, I would 100% back this advice. Do not use your personal device for work in this context; you are essentially handing ownership of your laptop over to them.

    Did you know that setting up work email on your phone enables your employer to remotely wipe your phone? Most people probably don’t realise this, but also probably don’t worry too much about it either. With your laptop it’s the same thing, except it gives them access and control too.

    Most organisations that expect you to use your own device will have a BYOD policy that defines explicitly what you can and can’t do and what they can and can’t do too. The purpose of this control here is to prevent unwanted (intentional or unintentional) compromise of their systems and data. But there are ways of doing this without taking over control of your device, for example through cloud apps, remote desktops or published remote apps. Your employer should be using these technologies and not getting you to join your personal laptop to their organisation.

    • I agree with what you said regarding the user’s laptop. But I had a question regarding your statement about the email/remote wipe of a user’s phone. How does this work? What OS/email provider/app? I do IT for a small company and have all our managers add our work email and services (G-suite) to their personal phones, both via Android and iOS, so this concerns me. Would hate for that to happen.

      • Possibly less of a concern with G-Suite, to be honest I’d have to look into it.

        It’s a feature of ActiveSync, so the device, OS and app are irrelevant. If they implement the ActiveSync protocol then they support this feature and theoretically enable this to be done. I’m fairly certain Google moved away from ActiveSync in favour of their own protocol a few years ago, but with that said I wouldn’t be surprised if they support this function too.

    • As a contractor, BYOD is a great way to write down the cost of a laptop – it’s a tax deduction.

      Failing to give you a laptop when you became permanent? Incompetence at best, a dick move at worst.

  • Yep, just don’t do it.
    Work laptop for work (and therefore they can put whatever policies they want on it), personal laptop for personal.
    Work out the tax implications/depreciation too.

  • I have a work laptop and personal one for this very reason, I also have a personal mobile and work mobile (more for work/life reasons).
    I would go for the work machine and maybe even change where you do work versus play. Even if it’s as simple as window end of desk versus door…
    Great for your sanity as well!
