Forum Discussion
iOS Device Restriction Settings - Enable Outlook to save managed contacts to device
Hello guys,
I am struggling with a specific use-case: I would like to allow users to save Outlook contacts (company email == company contacts) to the native iOS contacts app. Outlook is a managed app and is available to all users.
Now I am not quite sure based on the recent blog and the official documentation how to configure it properly without allowing un-managed apps (like WhatsApp) so see or sync the managed contacts that were synced from Outlook to the native contacts app.
Especially the official documentation is a bit confusing. On the setting Viewing non-corporate documents in corporate apps it states that it blocks "viewing non-corporate documents in unmanaged apps". Which does not make sense from my point of view. Instead it should be "prevents viewing corporate documents in unmanaged apps" or am I missing something?
Just to rephrase my use-case and what I want to achieve, for better understanding:
I want to log-in in Outlook with my work account and sync my business contacts to the native iOS contacts app. However, I want to prevent unmanaged apps to be able to see or sync the business contacts.
Currently I have the device restriction profile configured as follows:
Thank you for your help!
5 Replies
Hello ljasha
I recommend to take a closer look at App Configuration policy instead, there is a long section about Save Contacts in Microsoft docs. What you need to do is first go over the flowchart to determine which type of policy you should create and once that is on lock, you can start playing around with the App configuration policy (chart source) to see if the results fit your expectations and there is no accidental leaks.
There was a similar question asked just recently in this forum iOS Outook sync to Contact app, protection from non managed apps, probably a good idea to go through that as well, as there is a lot of nuance to this topic.
- Hello,
I have managed to "solve" this issue. At the end of the day, I decided to not use the contacts that are being synced out of Outlook. Instead I am pushing an E-Mail profile and sync contacts as well as calendar from there (more details here: https://docs.microsoft.com/en-us/mem/intune/configuration/email-settings-ios#exchange-activesync-profile-configuration). Please note that OAuth must be enabled if the user accounts are secured with MFA.
Then I used the app protection policy to block the possibility for users to sync the contacts out of outlook by setting "Sync policy managed app data with native apps" to Block. (more info here: https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-ios#functionality). When this is set to block, the option "Save contacts" within the Outlook settings of your work account will disappear all together.
I hope this helps anyone in the future.
Best regards,
Labinotljasha Thanks for the fast reply.
But let me ask another question. If you sync the contacts with an E-Mail profile on the device, isnt whatspp (for example) having also access to these?
My aim is to have something similar like a "work profile". When the user is called they should see who is calling but whatsapp/threema or other apps should not be possible to see that information.
Do you know what i want to achieve? Is that even possible with InTune?
Best regards,
Michael
I do have the same issue. Any hints on that?
