I’m moving to Mexico next month and have ordered a glinet travel router. My company requires me to use the Microsoft auth app on my phone for some of the apps i use for work. Should I just install a VPN for both devices? My work computer is managed (JAMF)
Depends what the security is like. We receive security alerts for unauthorized countries, we can detect popular VPNs (like surfshark, HMA, nord etc.) Best bet would be if you have a relative or friend who would let you create a openvpn into their local network then do it
Depending on your companies environment this could easily raise suspicion if ever your VPN drops.
Example, let’s say your mobile is azure registered and you accept an MFA prompt while VPN is not connected. The Mexico login could trigger an investigation while the sign in logs show the device ID as your registered mobile. Definitely expect to explain that one if you have a security team that monitors suspicious logins.
I have no idea the laws around Mexico so I’m speaking very broadly and generically.
—-
There’s a lot of factors to consider. Company locations, security requirements, tax implications.
Like others have said, a slip up is all it will take.
Mexico isn’t banned like say Iran. But if your company has a contract with a vendor that says connections or access must be from the US, then they may be looking at all non-US connections.
If your work computer is managed by MDM (JAMF) they’ll probably see a VPN installed and that itself could be suspicious. If you have a mobile that’s on MDM, it’ll usually report back the carrier of the SIM.
The big issue is money. The company has a legal requirement to know where you are working to know the tax law to follow and labor laws to abide by. Hell taking your corporate assets to another country could require a VAT. This doesn’t take into account if you’re allowed to work in Mexico on a tourist visa (assuming you don’t have citizenship)
This is an absolutely terrible idea and many organizations would be furious if they found out. You will likely be fired sooner than later if you try to pull this off. There are legalities and security implications many organizations have to deal with where their data cannot leave the country. You would be in breach of this and likely invalidate their cyber security insurance policy.
I see yourself and others are talking about using a VPN, however your knowledge of VPNs is definitely lacking based on your posts here. Unless you are a networking expert, any VPN solution you set up is going to fail you sooner than later and your employer will find out. Also your workplace connectivity will likely suffer through a VPN tunnel as your latency and will increase drastically.
You should be straight forward with your employer that you are moving even if it risks you being let go. Depending on the organization you work in you could be liable for any breach of security which happens by you purposely taking their data out of the country.
As for VPNs, as a network admin it’s very easy for me to spot any employees who use a commercial VPN. Literally takes me seconds to identify the traffic. Your employer will find out.
Yeah a VPN can hide your location. This doesn’t seem like a good long-term play though. All it’ll take is for your phone or computer to connect without the VPN 1 time and the jig is up, activity in Mexico when you’re supposed to be in the US will likely trigger alerts that get a human’s attention. If this is just like, a “ride it out as long as I can” thing then more power to you, but I wouldn’t expect it to last long.
If you initiate a VPN connection from a work managed computer, there’s a possibility they will see it. The best way might be to set up a network device that handles all tunneling and anything you plug in comes back out in the correct country. I use a Mikrotik router for doing something similar.
Wait, are you using a corporate VPN then trying to use a VPN like Nord or something?
That’s not how that works. The corporate VPN already setup is through your companies IP / tunnel and using a secondary VPN will not work due to broadcasting a fake VPN. It’s not that your company will “catch it”, but protocols won’t allow it, if the true VPN is setup correctly.
What about getting a VM somewhere in the states?
Delete work apps from your phones.
Turn off auto start on OneDrive, teams, etc etc. They will definitely screw you over.
Getting a second phone that does not use cellular and using a VPN with a killswitch on the router and connect only the work laptop and second phone.
Do NOT connect to anything aside from that router. GL.Net has a few options worth looking into.
Set up your work computer with a trusted friend in the US, and RDP into it. Just put it on your friends home network and then set up a vpn to your friends network on your computer that you will use in mexico.
We block all known proxy subnets in to our services so changes are you might not be able to connect at all over your vpn.
Yes they will be able to tell.
I know someone who did this but from Europe. He had vpn and all was working well.
They found out because they needed to talk to him and called him. They got the international ring tone and they figured it out. He played it off like it was a short term thing and he was only there for a week… blah blah…
The reality was he had been doing it for months.
The moral of that story is that he put in place most of the precautions he could think of to avoid detection. Which worked! The problem was he didn’t think of all the ways to avoid detection.
If it’s for a few short months and you are remote anyway. You could always play it off like he did some family thing, didn’t know the policy. Honest mistake…
But he had to pull the plug on his time abroad to keep the narrative alive.
With that said I tend to agree with Popular
-objective-24. This is basically a breach of the Corp policy (as I understand it from the posts). You are knowingly violating it. You are not only violating it you are trying to cover up your actions to avoid detection.
If you are found out you will likely be terminated.
I feel like they’re pretty strict/psycho about it… i worked from mexico city for a week about a year ago and had to get special permission bc none of my apps worked while i was there
in my research and in this thread some have recommended enabling the kill switch feature…do you think this would resolve this scenario of the VPN dropping and my IT team receiving the flag?
well there are thousands of people who do it. your tone is defensive when this has nothing to do with you. you don’t know the industry i work in nor the contract i signed. this is simply a rule that my company sprung on us so we’d start working in the office again. my knowledge is lacking hence the question. kindly troll another post thanks!
He is looking for advice, not judgement. Who are you like? his mum?
thank you! i’m hoping it lasts just for the 4 months i’m there…but now i’m wondering if i should just quit altogether and enjoy my time/life instead haha