SOLVED

iOS Native VS Outlook

Brass Contributor

Hello,

 

We are currently on Airwatch and iOS users use the Native Client, we are working on migrating to Intune (EMS+Security E5) and are getting some pushback about using the Outlook Client (Notifications, calendar, etc.).

 

What do we loose security wise if we stick with iOS native Client?  I think there is some possible AIP problems (once that is implemented), has anyone has experience with that?

 

Thank you

 

Daniel

12 Replies
best response confirmed by adam deltinger (MVP)
Solution
Hi @Daniel Schmidt,

You can't implement app protection policies on the native IoS app. Good articles to read are:

https://docs.microsoft.com/en-us/intune/app-protection-policy
https://www.systemcenterdudes.com/intune-ios-mail-outlook-app/

It is also more difficult in terms of support, as you are using a non-microsoft app for mail.

By using native mail app and not using app protection policies, users can download the organisations mail and data out of the native app onto the device and then potentially upload it to third party apps, possibly to competitors.

https://practical365.com/clients/mobile-devices/intune-mam-conditional-access-policies/

In other words, it facilitates data leakage and insider threats.

Hope that answers your question!

Best, Chris

Hello @ChrisHoardMVP 

Thank you for this answer. 

Is it a good idea to move from iOS Native Mail to Microsoft Outlook for iOS. I should find a table that compares the 2 products and what's the best for our users.

Hi @Sofianeda1st

I can't find a direct comparison table - but I hope that this article will suffice as to why Outlook for IoS is the best - and recommended by Microsoft for both functionality and security.

https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-...

You would use the Outlook for IoS app in conjunction with Intune which would manage the app and apply app protection and configuration policies.

Best, Chris

Thank you @ChrisHoardMVP for the link. 

For the moment I'm gonna stay neutral, but I've to make a table to compare these 2 products & to say what's the best for our users (Should the user stay on Mail App iOS or move to Microsoft Outlook and Why? 

Hi @Sofianeda1st ,

 

Just reading this thread as we have several executives that want to continue to use the native email and calendar, rather tham migrating to Outlook for IOS.  Did you get that comparison table put together?  If so, would it be possible for you to share it?

 

Thanks!  Frank

 

@fcorker I don't have a table but if there is any HIPAA, PCI, PHI or IP data in the Executives emails then I would warn them that continue using native email will let anyone

1. Backup this data to iCloud

2. Take Screenshots

3. Share with other apps (Manually or via a Virus)

4. Save on phone

 

If somone leaves the company they can easily restore all data data via iCloud and steal customers, IP and more, if the phone gets stolen then there is risk of that data leaking to hackers.

@Daniel Schmidt Thank you, Excellent points, and pretty high risk.  

Frank

@Daniel Schmidt@ChrisHoardMVP , @fcorker  

This thread came across my desk today, so I thought it would be good to reply and provide context as there are statements within that are not entirely accurate.

 

First and foremost, Apple provides a secure operating system and tests App store apps to be free of viruses and malicious code. Apple also releases software updates to address security vulnerabilities. For more information, see https://support.apple.com/guide/security/ios-and-ipados-app-security-overview-secf49cad4db/web and https://support.apple.com/en-us/HT201222.

 

Second, Intune App Protection Policies and apps that support them, like Outlook for iOS, do provide enhanced data protection features that are not otherwise available on unenrolled devices or unprotected apps. For example, ensuring corporate data can only be accessed after entering a PIN or via biometrics, blocking transfer to unprotected apps or personal accounts, providing selective wipe capabilities, etc. For more information on recommended policy settings, see https://docs.microsoft.com/mem/intune/apps/app-protection-framework.

 

Apple has robust enrollment capabilities (device, user, and supervised) that provide IT admins with the capability to protect corporate data. For example, admins can push down a managed EAS device profile for the native apps that when coupled with specific device restrictions prevents corporate data from being viewed in personal apps that are not managed by the MDM, prevents managed ActiveSync contacts from being exposed to personal apps, disables screen capture, and disables iCloud backups. For more information on how to do this with Intune, see https://docs.microsoft.com/mem/intune/configuration/device-restrictions-ios and https://docs.microsoft.com/mem/intune/configuration/email-settings-ios. On enrolled devices, App Protection Policies (cut/copy/paste, Save As, managed browser controls, etc.) can be used with apps that have integrated the Intune SDK to further protect corporate data.

 

As an engineering leader in Outlook and Intune, I believe Outlook for iOS provides an experience that is unparalleled with any other messaging and collaboration app. Outlook for iOS offers tight integration with Office 365, exceptional calendaring functionality, intelligence that anticipates our user's needs, and enhanced security capabilities. For more information, see http://aka.ms/startoutlookmobile and http://aka.ms/secureom.

 

Ross Smith IV
Principal Program Manager
Customer Experience Engineering

That's awesome thanks @Ross Smith IV

Best, Chris

@ChrisHoardMVP 

 

Just a few short thoughts i wrote down once upon a time, when i was facing the same situation.

 

  1. easier management of the outlook app
    1. you can secure the app even when the device is not enrolled in management. (App protection)
  2. cloud integration
    1. ability to directly open files from onedrive or sharepoint itself
    2. send attachements out of onedrive
  3. calendar integration
    1. ability to see availability and send appropriate meeting invitations based on availability
  4. usability e.g. swipe actions like "rescheduling a mail

 

Great. Unfortunately, the outlook is draining the battery, which this specific application's consumption is alarming than all others in IoS. Also, the outlook occupied nearly 1.5gB space of my storage. The native application is just 11MB. As I am just a user of mobile phone, what is the advice, experts you are all going to give. Please advise.

@Foretec I'd no such experience as described.

Yes, my Outlook for iOS App uses caching (in my case 270MB of the app itself, and 400MB of "documents & data".

What i didn't experience either is the battery drainage you described. In the overall battery summary for 10 days my outlook app is on rank #5 (nearly 2 hours in foreground and 26min in background.)

 

Can you state this clearer for all the others here? 🙂

1 best response

Accepted Solutions
best response confirmed by adam deltinger (MVP)
Solution
Hi @Daniel Schmidt,

You can't implement app protection policies on the native IoS app. Good articles to read are:

https://docs.microsoft.com/en-us/intune/app-protection-policy
https://www.systemcenterdudes.com/intune-ios-mail-outlook-app/

It is also more difficult in terms of support, as you are using a non-microsoft app for mail.

By using native mail app and not using app protection policies, users can download the organisations mail and data out of the native app onto the device and then potentially upload it to third party apps, possibly to competitors.

https://practical365.com/clients/mobile-devices/intune-mam-conditional-access-policies/

In other words, it facilitates data leakage and insider threats.

Hope that answers your question!

Best, Chris

View solution in original post