mobile application management (mam)
831 Topics

Outlook for iOS (MAM only Call Identification)
In the course of the implementation of O365/M365 and with it Microsoft Intune, Outlook for iOS has become the standard mail client on iOS devices for many customers today. This is due to the excellent user experience and the constant stream of new features implemented by Microsoft. From a security perspective, in addition to the provision on managed devices (managed by Intune), the secure use on unmanaged devices with MAM or App Protection Policies (APP) is a big argument for using Outlook for iOS. Currently, many of our customers are working on a BYOD setup for blue collar workers, who typically have a maximum of one email inbox.

A big pain point for many users who use Outlook for iOS in an MAM-only setup (and for MDM setup with Intune) is the missing caller identification of Exchange Online (EXO) contacts. Outlook for iOS supports a one-way contact export process whereby contacts from within Outlook for iOS can be exported into the personal (unmanaged) part of the native iOS Contacts app. This means a contact must first be imported into the user's personal contacts directory of EXO and then exported from Outlook for iOS to the native (unmanaged) iOS Contact app in order to see who is calling. This functionality enables Caller-ID, iMessage, and FaceTime integration for users’ Outlook contacts. The exported Outlook contacts are considered unmanaged and are accessible by unmanaged, personal apps.

Especially for European customers who are subject to GDPR compliance, this is a no go, as personal data and company data must not be mixed. The unintentional outflow of contact data worthy of protection to commercial platforms, such as WhatsApp or Google, and the unintentional synchronization of address books with social media apps represent a significant GDPR risk. Although the user's personal EXO contacts can be synchronized, there is currently no option to synchronize the GAL. Furthermore, there is currently no provision in Outlook for iOS to synchronize the GAL cyclically.
The user has to add a GAL contact to his personal contacts as described above and then within the Outlook for iOS app export the contact to his native iOS contacts app to be able to see who is calling. To meet the GDPR compliance, we need to prevent the contact export. So this is not a solution.

The question to ask is: Why does a user need to export a GAL/personal contact to their native iOS Contact app? There are already several paid app solutions that close exactly this gap (ebf Contacts, Secure Contacts, etc.) which offer more or less the same range of functions. The app builds a container and downloads the managed address books (GAL, personal) of the user and then enables the resolution of the CallerID or identification of the caller via the so-called Apple CallKit integration.

Apple has been offering the so-called CallKit integration for years. With CallKit you can integrate your calling services with other call-related apps on the system. CallKit provides the calling interface, and you handle the back-end communication with your VoIP service. For incoming and outgoing calls, CallKit displays the same interfaces as the Phone app, giving your app a more native look and feel. CallKit also responds appropriately to system-level behaviors such as Do Not Disturb.

In addition to handling calls, you can provide a Call Directory app extension to provide caller ID information and a list of blocked numbers associated with your service. When a phone receives an incoming call, the system first consults the user’s contacts to find a matching phone number. If no match is found, the system then consults your app’s Call Directory extension to find a matching entry to identify the phone number. This is useful for applications that maintain a contact list for a user that’s separate from the system contacts, such as Outlook for iOS. For example, consider a user who is a colleague of Jane, but doesn’t have her phone number in their contacts.
If the Outlook for iOS app has a Call Directory app extension, which downloads and adds the phone numbers of all of the user’s colleagues, then when the user gets an incoming call from Jane, the system displays something like “(App Name, e.g. Outlook) Caller ID: Jane Appleseed” rather than “Unknown Caller”. The effort to integrate the Call Directory Extension is minimal and would solve many pain points from both a security and user experience perspective. Apple has documented CallKit excellently on the developer site: https://developer.apple.com/documentation/callkit

With the possibility of using Apple CallKit in combination with Outlook for iOS and the contact synchronization (personal/GAL) of a managed EXO mailbox, the use of M365 in a BYOD scenario for customers' blue collar workers will massively increase. Furthermore, the use of contact synchronization is then also possible for devices managed by Intune. This creates an outstanding user experience while increasing user adoption!

This article was also published as feedback in the Outlook Forum for iOS: https://feedbackportal.microsoft.com/feedback/idea/a80414f4-9598-ed11-a81b-000d3ae32cd0

There are already other requests within the Microsoft community that I would like to link here:
PatrickF11: Outlook for iOS + Caller Identification - Microsoft Community Hub
Daniel Huttenlocher: https://feedbackportal.microsoft.com/feedback/idea/bbfc8763-da97-ed11-a81b-000d3ae32cd0

5.3K Views, 6 likes, 5 Comments

Decks for Endpoint Management Acceleration Day
Many thanks to all of you who attended any or all of our sessions for Endpoint Management Acceleration Day! We hope we were able to give you useful information! If you didn't get a chance to fill out the survey during the sessions, please fill it out now - there's a different one for each track.

Mobility Survey
Windows Survey

If you'd like to go back and watch any of them again, or view the Q&A transcript, just use the same link you used to join the session:

Mobility
https://aka.ms/EMAD/MobReg01
https://aka.ms/EMAD/MobReg02
https://aka.ms/EMAD/MobReg03

Windows
https://aka.ms/EMAD/WinReg01
https://aka.ms/EMAD/WinReg02
https://aka.ms/EMAD/WinReg03

I'm attaching the PDFs of the slides we used in the presentations. I'll have to do a separate post to add the Windows decks - scroll down to see those. Thanks again!

22K Views, 6 likes, 8 Comments

Device Security
There’s little disagreement that mobile technologies are beneficial to business. Mobility means flexibility and productivity gains and a sense of control for employees. Mobile is more than just smartphones. With IoT, more devices like smartwatches, tablets, and manufacturing equipment are enabled to access networks and provide information to individuals through multiple channels. In many ways, this has changed the “boundaries” of the workplace, which makes managing enterprise data more complex. An IBM study found that 62% of IT leaders with a well-defined mobile strategy achieve ROI in 12 months or less. Harnessing the power of mobile devices can improve the flexibility and productivity of employees, while sound Mobile Device Management protects an enterprise from security threats.

How are companies approaching mobility?

A recent Gartner study found that 66% of employees currently use their own devices at work. From a productivity, cost and employee satisfaction perspective, allowing employees to bring their own devices is beneficial. Mobile access means that companies can work beyond the walls of their cubicles and can more easily access information on the go. Employees are more likely to be comfortable navigating their own devices and for the IT department, it drives fewer device set-up and maintenance costs. However, the benefits are not without risks.

Risks

Increasing the number of devices with access to a network makes managing and securing those devices more complicated. Identifying the number of devices on the network, configuring these devices to comply with company policies, granting access to internal information, as well as protecting these devices from outside threats pose many challenges. Another risk, less tangible but certainly impactful, is employee compliance and overall satisfaction. Even if corporations provide devices, many employees are still prone to carry their own devices with them, or find workarounds.
Transparency around device policies and security risks can help convey the risks to non-compliant or resistant employees. If deployed properly, BYOD policies can meet employee needs and still protect the network from external threats.

This month on Tech Community, we’ll be discussing mobile device management, productivity gains from a mobile-first world, and the security challenges (among other challenges) that go along with managing an ever-growing network of devices. How does your company approach mobility and what are the challenges and successes you’ve had?

3.7K Views, 4 likes, 1 Comment

[New Blog Post] iOS Enrollment with Microsoft Intune Decision Tree
In the ever-evolving landscape of mobile device management, Microsoft Intune stands as a beacon of simplicity and efficiency. For organizations embracing the Apple ecosystem, enrolling iOS devices into Intune offers a world of possibilities. Let's embark on a journey through the high-level overview of various iOS enrollment methods, each designed to cater to diverse organizational needs.

iOS Decision Tree

1. Supervised Devices: For Maximum Control and Customization
Supervised devices are the powerhouses of iOS management. Perfect for corporate-owned devices, they provide enhanced control, allowing organizations to tailor settings and restrictions as needed.

2. User Enrollment: Balancing Work and Life on a Single Device
Ideal for personal device use, User Enrollment ensures a harmonious coexistence of work and personal data. Users maintain privacy while benefiting from the organizational security umbrella.

3. Device Enrollment: Comprehensive Control for Personal Devices
For a more encompassing approach, Device Enrollment brings personal iOS devices into the organizational fold. Organizations maintain control while users enjoy the familiarity of their own devices.

4. Automated Device Enrollment (formerly DEP): Seamless Out-of-the-Box Experience
Formerly known as Device Enrollment Program (DEP), Automated Device Enrollment streamlines the onboarding process for new devices, ensuring they are automatically enrolled into Intune upon activation.

5. Apple Configurator: Tailoring Settings for a Cohesive Experience
Apple Configurator offers a manual yet robust approach for customizing settings on iOS devices. Ideal for specific use cases where hands-on configuration is preferred.

Elevate your iOS device management experience with Microsoft Intune – where simplicity meets efficiency!

https://www.linkedin.com/in/shady-khorshed-19277723/ is a Microsoft enthusiast. He loves writing on iOS/Android, Windows 11, Windows 365 and related Microsoft Intune.
He is here to share quick tips and tricks for all young professionals.

#MicrosoftIntune #iOSDeviceManagement #TechSolutions #MobileSecurity #MicrosoftIntune #MobileDeviceManagement #AndroidEnrollment #TechInnovation #Apple #ios #android #decisiontree #microsoft #intune #COPE #COSU #COBO #BYOD #Appprotectionpolicy #Workprofile #devices #design #environment

2.5K Views, 4 likes, 0 Comments

Microsoft Teams: Manage it using Mobile Application Management (MAM)
I just posted a new blog post on how to manage Microsoft Teams using Mobile Application Management (MAM) from Intune. Would like to hear your thoughts, input, feedback and general comments. Thanks!

Link: https://blogs.technet.microsoft.com/skypehybridguy/2017/09/01/microsoft-teams-manage-it-using-mobile-application-management-mam/

5.2K Views, 4 likes, 5 Comments

MDM vs. MAM
All the talk and effort to be a digital business puts mobility squarely at the center of your security plan. As your technology roadmap evolves, your enterprise mobility management (EMM) approach will likewise need to flex to guard your company’s data against ever-increasing cybersecurity hacks. Digital transformation can help you increase team productivity and employee experiences, especially as “bring your own device” (BYOD) policies have taken firm hold. Perhaps you’ve even got Internet of Things (IoT) and Artificial Intelligence (AI) on your radar for the not-too-distant future to capture new efficiencies and improve decision making.

What’s the best way to secure BYOD and IoT?

This technology evolution requires an integrated EMM plan that addresses the complexities of securing hardware from cross-platform ecosystems and the applications they access, many delivered as a service in the cloud. Well-designed policies are not fully focused on managing devices, rather on enabling safe access to data and systems from a wide variety of devices.

So, what is MDM and MAM anyway?

Mobile device management (MDM) and mobile application management (MAM) are often intertwined yet play distinct roles.
Here’s a quick summary of their characteristics and purpose:

MDM: addresses lack of control over corporate and personal devices, and lost device security
- Ensures device compliance through user and device registration, configuration and passcode management
- Secures devices on the network so you can monitor, report, track and update devices – and even locate, lock and wipe devices, if lost or stolen

MAM: addresses lack of compliance with data and privacy requirements, and lost data retrieval
- User identity policy, single sign-on and conditional access tailored by role and device (with Intune or Active Directory on premises or in the cloud)
- Monitors and pushes app updates, including mobile document management for online or cloud-provisioned apps like SharePoint and OneDrive

Is one better than the other?

MDM and MAM are not exclusive of each other, and for most scenarios, together they can help you confidently implement and enforce a security plan that grants flexibility and convenience with accountability and control. Tech Community MVP Ammar Hasayen shared his story on the BYOD conundrum, noting that leadership resisted registering personal devices: “The solution we proposed is to get licenses for Intune, and adopt the Mobile Application Management (MAM) approach. This would simplify our management solution, protect corporate information on mobile devices, and respect any privacy concerns for employees.”

What challenges or complexity are you facing to secure myriad devices, documents and critical data without disrupting business operations?

30K Views, 3 likes, 1 Comment

Download new Intune Infographics!
Comprehensive protection of Office 365 data on any device: https://gallery.technet.microsoft.com/Infographic-Comprehensive-e9a6c8c3
Management choices with Microsoft Intune: https://gallery.technet.microsoft.com/Infographic-Management-3644ae41
Protect Office 365 data on unmanaged devices: https://gallery.technet.microsoft.com/Infographic-Protect-Office-3fcece11

2.8K Views, 3 likes, 0 Comments