Combination of Managed Contacts and Conditional Access

Alexander Fetscher
New Contributor

Hello together,

For reasons of GDPR compliance we would like to use the Native iOS Mail App with a managed account (iOS Managed Contacts) to prevent e.g. the access of WhatsApp to contacts. In addition, we are currently implementing a conditional access policy that requires a device to be compliant and the app to be approved to have access to all cloud apps. As I see it, the native mail app is blocked because it's not an "approved Client App". Is there any way to make the scenario work?

My current workaround in the test is to exclude Exchange from the CA policy and only check for Compliance in another policy only for Exchange. But in this way I can't prevent that e.g. third-party mail apps are used.

Any help or clarification would be great.

1 Reply
Using the native application to sync your contacts will let all applications on the managed device access the saved contacts, when it leaves Outlook.

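A workaround could be to only save some of the details from Outlook - Name and Phone number. But I don't think this will make you GDPR compliant in case of audit. (I'm not a GDPR expert)
https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune#configure-contact-field-sync-to-native-contacts-for-outlook-for-ios-and-android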