Forum Discussion
iOS Device Restriction Settings - Enable Outlook to save managed contacts to device
Hello guys, I am struggling with a specific use-case: I would like to allow users to save Outlook contacts (company email == company contacts) to the native iOS contacts app. Outlook is a managed ap...
Hello,
I have managed to "solve" this issue. At the end of the day, I decided to not use the contacts that are being synced out of Outlook. Instead I am pushing an E-Mail profile and sync contacts as well as calendar from there (more details here: https://docs.microsoft.com/en-us/mem/intune/configuration/email-settings-ios#exchange-activesync-profile-configuration). Please note that OAuth must be enabled if the user accounts are secured with MFA.
Then I used the app protection policy to block the possibility for users to sync the contacts out of outlook by setting "Sync policy managed app data with native apps" to Block. (more info here: https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-ios#functionality). When this is set to block, the option "Save contacts" within the Outlook settings of your work account will disappear all together.
I hope this helps anyone in the future.
Best regards,
Labinot
I have managed to "solve" this issue. At the end of the day, I decided to not use the contacts that are being synced out of Outlook. Instead I am pushing an E-Mail profile and sync contacts as well as calendar from there (more details here: https://docs.microsoft.com/en-us/mem/intune/configuration/email-settings-ios#exchange-activesync-profile-configuration). Please note that OAuth must be enabled if the user accounts are secured with MFA.
Then I used the app protection policy to block the possibility for users to sync the contacts out of outlook by setting "Sync policy managed app data with native apps" to Block. (more info here: https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-ios#functionality). When this is set to block, the option "Save contacts" within the Outlook settings of your work account will disappear all together.
I hope this helps anyone in the future.
Best regards,
Labinot
ljasha Thanks for the fast reply.
But let me ask another question. If you sync the contacts with an E-Mail profile on the device, isnt whatspp (for example) having also access to these?
My aim is to have something similar like a "work profile". When the user is called they should see who is calling but whatsapp/threema or other apps should not be possible to see that information.
Do you know what i want to achieve? Is that even possible with InTune?
Best regards,
Michael
- Hi Michael,
no because the contacts that are being synced from the E-Mail device configuration profile are treated as "company/managed data" whereas the data that is synced from Outlook is not. Hence, the managed data cannot be seen by WhatsApp or other "private" apps if you set "Block viewing corporate documents in unmanaged apps" to Yes in the device configuration profile (https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-ios#app-store-doc-viewing-gaming).
I would suggest you to just test my mentioned setup. Note that if you push the E-Mail profile, you have to re-enter your work account password once the enrollment of the device is done. Once that is done and you open the iOS Settings a pop-up will come stating that you need to enter the password of your work account. Only then, the mails, calendar and contacts can be synced via iOS Settings > Mail > Accounts.
Best regards,
Labinot