cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

iOS managed contacts - how to deal with that?

PatrickF11
Steel Contributor

‎Jun 18 2020 02:31 AM

‎Jun 18 2020 02:31 AM

iOS managed contacts - how to deal with that?

Hi everyone,

 

the last years i've already tried to solve the problem with the managed contacts.

Because this was not possible earlier i forgot about that.

Now i want to readress this issue.

 

A very important article i've found is this one:

Techcommunity Success: New contact sync scenario available with Outlook for iOS on enrolled devices 

 

With this thread i would like to discuss some unanswered questions of myself.

I would really appreaciate any answer of you guys. :)

 

Goals:

  • Business contacts should be able to be read through contacts app (because of caller-id)
  • 3rd Party Messengers should not see these business contacts

Thesises:

  1. It is not possible to achive this with Outlook for iOS and it's contact sync feature, right? (Because of these contacts are going to be synced through icloud, therefore these contacts are marked as "unmanaged contacts.)
  2. It is possible to achive these goals by using:
    1. an device configuration profile which configures an active sync account which only synchronizes the contacts of the users mailbox. These contacts are considdered as "managed contacts"
    2. an app configuration profile which disables the "sync contacts" feature for "outlook for ios"
    3. An App protection policy which disables "Viewing corporate documents in unmanaged apps
  3. Because of the fact this is only working for enrolled and managed devices, we need to tell the users: Caller identification is only possible if you enroll your device in Intune. (in relation to the previous points)

 

So far, so good, but the bad news is:

  • Because of the incopatibility with conditional access policies, we're hence not able to restrict the user from using other apps to connect their EXO account. Right?

 

I would be very thankful if anyone can discuss this with me.

(I think the best way to adress the different topics is to quote my post and answer inline.)

 

Greetings,

Patrick

5,699 Views
0 Likes
5 Replies
Reply
5 Replies
PatrickF11

‎Jul 27 2020 01:54 AM

‎Jul 27 2020 01:54 AM

Re: iOS managed contacts - how to deal with that?

No one? :)

There must be oppinions out there. 

0 Likes
Reply
Thijs Lecomte

‎Jul 27 2020 05:47 AM

‎Jul 27 2020 05:47 AM

Re: iOS managed contacts - how to deal with that?

One option would be to turn off legacy authentication.
Configure Exchange Active Sync rules to only allow Active Sync for the default mail app on iPhone.
Turn off enterprise app user consent so that users can't add any third party apps.

Haven't tested this scenario though
0 Likes
Reply
PatrickF11

‎Jul 28 2020 03:48 AM

‎Jul 28 2020 03:48 AM

Re: iOS managed contacts - how to deal with that?

@Thijs Lecomte Hi and thank you for your reply.

 

My concerns are not about legacy or modern (by the way we disabled legacy authentication) but on how to deal with contacts.

Android is managing this one perfect:

  1. There is a managed contacts app with all the corporate exchange contacts of the user in it.
  2. The user can browse this contacts app or the native one and can dial a number right out of here.
  3. Third party apps like Whatsapp or others are not able to look into these managed contacts.

For iOS this must be possible, too, isn't it?

At the moment where the user enables the contact sync from the outlook for ios app, the contacts are going to be transfered throught the icloud into the native contacts app.

The Problem with this is, even if they're read-only, that 3rd party apps as mentioned before are able to see them.

We don't want to disable contact sync at all (because of caller-id for incoming calls) but 3rd party apps shouldn't be able to read them.

 

Did i stated this clearly? (Hopefully :) )

0 Likes
Reply
Thijs Lecomte

‎Jul 29 2020 07:43 AM

‎Jul 29 2020 07:43 AM

Re: iOS managed contacts - how to deal with that?

I understand your point. this might be possible with iOS User Enrollment, as this is the alternative for Work Profile. Have you checked this out?

I haven't tested this scenario though
0 Likes
Reply
tomzeni

‎Oct 12 2023 06:15 AM

‎Oct 12 2023 06:15 AM

Re: iOS managed contacts - how to deal with that?

Hey folks, there is an app called Secure Contacts, which handles Caller Identification on iOS in an much better way then the iOS managed contacts. The Secure Contacts app is also listed within the Intune Endpoint Manager as it supports intune app protection policies and conditional access as well.

Take a look at https://secure-contacts.com/en/
0 Likes
Reply