02-12-2019 11:58 AM
We are currently on AirWatch and iOS users use the Native Client. We are working on migrating to Intune (EMS+Security E5) and are getting some pushback about using the Outlook Client (notifications, calendar, etc.).
What do we lose security-wise if we stick with the iOS Native Client? I think there are some possible AIP problems (once that is implemented). Has anyone had experience with that?
02-12-2019 02:33 PM Solution
08-19-2019 03:29 AM
09-10-2019 07:35 AM
Hi @Sofianeda1st ,
Just reading this thread as we have several executives that want to continue to use the native email and calendar, rather than migrating to Outlook for iOS. Did you get that comparison table put together? If so, would it be possible for you to share it?
09-10-2019 10:31 AM
@fcorker I don't have a table, but if there is any HIPAA, PCI, PHI or IP data in the executives' emails then I would warn them that continuing to use native email will let anyone:
1. Backup this data to iCloud
2. Take Screenshots
3. Share with other apps (Manually or via a Virus)
4. Save on phone
If someone leaves the company they can easily restore all data via iCloud and steal customers, IP and more. If the phone gets stolen then there is a risk of that data leaking to hackers.
This thread came across my desk today, so I thought it would be good to reply and provide context as there are statements within that are not entirely accurate.
First and foremost, Apple provides a secure operating system and tests App Store apps to be free of viruses and malicious code. Apple also releases software updates to address security vulnerabilities. For more information, see https://support.apple.com/guide/security/ios-and-ipados-app-security-overview-secf49cad4db/web and https://support.apple.com/en-us/HT201222.
Second, Intune App Protection Policies and apps that support them, like Outlook for iOS, do provide enhanced data protection features that are not otherwise available on unenrolled devices or unprotected apps. For example, ensuring corporate data can only be accessed after entering a PIN or via biometrics, blocking transfer to unprotected apps or personal accounts, providing selective wipe capabilities, etc. For more information on recommended policy settings, see https://docs.microsoft.com/mem/intune/apps/app-protection-framework.
Apple has robust enrollment capabilities (device, user, and supervised) that provide IT admins with the capability to protect corporate data. For example, admins can push down a managed EAS device profile for the native apps that when coupled with specific device restrictions prevents corporate data from being viewed in personal apps that are not managed by the MDM, prevents managed ActiveSync contacts from being exposed to personal apps, disables screen capture, and disables iCloud backups. For more information on how to do this with Intune, see https://docs.microsoft.com/mem/intune/configuration/device-restrictions-ios and https://docs.microsoft.com/mem/intune/configuration/email-settings-ios. On enrolled devices, App Protection Policies (cut/copy/paste, Save As, managed browser controls, etc.) can be used with apps that have integrated the Intune SDK to further protect corporate data.
As an engineering leader in Outlook and Intune, I believe Outlook for iOS provides an experience that is unparalleled with any other messaging and collaboration app. Outlook for iOS offers tight integration with Office 365, exceptional calendaring functionality, intelligence that anticipates our users' needs, and enhanced security capabilities. For more information, see http://aka.ms/startoutlookmobile and http://aka.ms/secureom.
Ross Smith IV
Principal Program Manager
Customer Experience Engineering
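The four native-client restrictions named in the reply above (managed-to-unmanaged open-in, managed contacts exposure, screen capture, iCloud backup) can be checked in a deployed profile; this is an added example, not part of the original thread or Microsoft's tooling. It assumes the profile is available as an Apple `.mobileconfig` plist with a `com.apple.applicationaccess` Restrictions payload; the sample profiles, the function names and the listed absent-key defaults are assumptions of this example.

```python
import plistlib

# Restrictions payload keys (com.apple.applicationaccess) for the four controls
# named in the reply, each with the value iOS applies when the key is absent
# (defaults as documented by Apple, to the best of this example's knowledge).
CONTROLS = {
    "allowOpenFromManagedToUnmanaged": True,       # managed data opens in personal apps
    "allowUnmanagedToReadManagedContacts": False,  # personal apps read managed contacts
    "allowScreenShot": True,                       # screen capture
    "allowCloudBackup": True,                      # iCloud backup
}


def audit_profile(raw: bytes) -> list[str]:
    """Return the control keys that are still permissive in a .mobileconfig."""
    profile = plistlib.loads(raw)
    effective = dict(CONTROLS)  # start from the absent-key defaults
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.applicationaccess":
            continue  # ignore e-mail, Wi-Fi and other payload types
        for key in CONTROLS:
            if key in payload:
                effective[key] = payload[key]
    # Anything not explicitly (or by default) False is a finding.
    return [key for key, allowed in effective.items() if allowed is not False]


def build_profile(restrictions: dict) -> bytes:
    """Build a constructed sample profile (not a real Intune export)."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "example.constructed.profile",
        "PayloadContent": [
            {"PayloadType": "com.apple.applicationaccess", **restrictions},
        ],
    })


# Constructed samples: one profile that only blocks screenshots, one that sets all four.
WEAK = build_profile({"allowScreenShot": False, "allowCloudBackup": True})
HARDENED = build_profile({key: False for key in CONTROLS})

if __name__ == "__main__":
    print("weak:", audit_profile(WEAK))
    print("hardened:", audit_profile(HARDENED))
```

A key that is missing from the payload is reported when its default is permissive, so a profile that disables screen capture but never mentions iCloud backup or open-in still produces findings.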
Just a few short thoughts I wrote down once upon a time, when I was facing the same situation.