Your question specifically concerns the data administrators have access to though. That info can be found in our guide to reading the Authentication Log report in the Duo Admin Panel. Duo admins generally can see the following about personal phones used to authenticate into Duo-protected applications:
If an authentication attempt was denied due to a policy you have in place, such as a device using an out-of-date version of software.
Access Device: The OS, browser, Flash version, Java version, location, and IP address of the device used to access the Duo-protected application. Some of this information will only appear if it is available (such as location) or applicable.
Second Factor: Shows the method used as a second factor, the type of device used to complete 2FA, the location of the device, and the IP address of the device. Some of this information will only appear if it is available or applicable.
I hope that answer helps! Let me know if you have additional questions. Oh, and welcome to the Duo Community