Forum Discussion
iOS Native VS Outlook
- Hi Daniel Schmidt,
You can't implement app protection policies on the native IoS app. Good articles to read are:
https://docs.microsoft.com/en-us/intune/app-protection-policy
https://www.systemcenterdudes.com/intune-ios-mail-outlook-app/
It is also more difficult in terms of support, as you are using a non-microsoft app for mail.
By using native mail app and not using app protection policies, users can download the organisations mail and data out of the native app onto the device and then potentially upload it to third party apps, possibly to competitors.
https://practical365.com/clients/mobile-devices/intune-mam-conditional-access-policies/
In other words, it facilitates data leakage and insider threats.
Hope that answers your question!
Best, Chris
MicrosoftDaniel Schmidt, ChrisHoardMVP , fcorker
This thread came across my desk today, so I thought it would be good to reply and provide context as there are statements within that are not entirely accurate.
First and foremost, Apple provides a secure operating system and tests App store apps to be free of viruses and malicious code. Apple also releases software updates to address security vulnerabilities. For more information, see https://support.apple.com/guide/security/ios-and-ipados-app-security-overview-secf49cad4db/web and https://support.apple.com/en-us/HT201222.
Second, Intune App Protection Policies and apps that support them, like Outlook for iOS, do provide enhanced data protection features that are not otherwise available on unenrolled devices or unprotected apps. For example, ensuring corporate data can only be accessed after entering a PIN or via biometrics, blocking transfer to unprotected apps or personal accounts, providing selective wipe capabilities, etc. For more information on recommended policy settings, see https://docs.microsoft.com/mem/intune/apps/app-protection-framework.
Apple has robust enrollment capabilities (device, user, and supervised) that provide IT admins with the capability to protect corporate data. For example, admins can push down a managed EAS device profile for the native apps that when coupled with specific device restrictions prevents corporate data from being viewed in personal apps that are not managed by the MDM, prevents managed ActiveSync contacts from being exposed to personal apps, disables screen capture, and disables iCloud backups. For more information on how to do this with Intune, see https://docs.microsoft.com/mem/intune/configuration/device-restrictions-ios and https://docs.microsoft.com/mem/intune/configuration/email-settings-ios. On enrolled devices, App Protection Policies (cut/copy/paste, Save As, managed browser controls, etc.) can be used with apps that have integrated the Intune SDK to further protect corporate data.
As an engineering leader in Outlook and Intune, I believe Outlook for iOS provides an experience that is unparalleled with any other messaging and collaboration app. Outlook for iOS offers tight integration with Office 365, exceptional calendaring functionality, intelligence that anticipates our user's needs, and enhanced security capabilities. For more information, see http://aka.ms/startoutlookmobile and http://aka.ms/secureom.
Ross Smith IV
Principal Program Manager
Customer Experience Engineering
Just a few short thoughts i wrote down once upon a time, when i was facing the same situation.
- easier management of the outlook app
- you can secure the app even when the device is not enrolled in management. (App protection)
- cloud integration
- ability to directly open files from onedrive or sharepoint itself
- send attachements out of onedrive
- calendar integration
- ability to see availability and send appropriate meeting invitations based on availability
- usability e.g. swipe actions like "rescheduling a mail
- easier management of the outlook app
