How to enable iOS unmanaged apps to read managed contacts & write unmanaged contacts without compromising security using Microsoft Intune

The contacts saved in Exchange is considered managed contacts. with iOS 12 onwards managed contacts are not visible from unmanaged Apps.

As stated in Apple Article (https://support.apple.com/en-au/HT208749)  iOS 12, you can use MDM to make the following exceptions to this policy:
  • Allow unmanaged apps to access managed contacts
  • Allow managed apps to save contacts to the local Contacts app
Microsoft Intune have introduced new feature, but it has pre-requisite to "Viewing corporate documents in unmanaged apps" to write contact to unmanaged app and "Viewing non-corporate documents in corporate apps" to read managed contacts in unmanaged app. 


This can be security issue for many organisations. However, you can enable this without changing the parent policy by following trick!
  1. Go to iOS restriction settings in Intune, go to 'App Store, Doc Viewing, Gaming controls'.
  2. As highlighted above 'Allow managed apps to write contacts to unmanaged contacts accounts (supervised only)' and 'Allow unmanaged apps to read from managed contacts accounts (supervised only)' options are disabled without configuring parent settings. 
  3. Click on Block -  'the Viewing corporate documents in unmanaged apps'.
  4. Click on 'Allow -  'Allow managed apps to write contacts to unmanaged contacts accounts'.
  5. Change 'Viewing corporate documents in unmanaged apps' to Not configured. you will notice the allow managed apps to write contacts does not change as shown in screenshot below.
  6. Assign policy to the test devices, monitor per-settings status.








Comments

Post a Comment

Popular posts from this blog

Network Driver for HP Elitebook 840 G1

Network Driver for HP Elitebook 840 G1 Issue :  HP elitebook 840 G1 does no PXE boot when network drivers are injected in boot image. environment SCCM 2012 SP1. Answer: To build HP elitebook 840 G1  inject the Windows 8 network driver.  Please see post below from Niall C. Brady on how to inject or test drive during task sequence. Thanks Niall C. Brady for this article:  http://myitforum.com/cs2/blogs/nbrady/archive/2011/08/31/missing-nic-driver-in-winpe-boot-image-no-problem.aspx . TO\o Download Driver click here   Unzip the file using 7 zip, go to \sp63299\Setup\Win8x64  folders and inject driver in boot image  from SCCM or using drvload command as explain in article.  Happy Days....
Read more

How to deploy Application (offline installer DMG) on Apple MacOS Devices using Microsoft Intune

Image
Microsoft Intune does not support deployment of DMG file. As per the  Microsoft documentation   : " Only  .pkg files may be used to upload macOS LOB apps to Microsoft Intune. Conversion of other formats, such as .dmg to .pkg is not supported." Microsoft Intune have provided support to deploy shell script to macOS. In the example below, I will deploy Adobe Acrobat Reader DC 2020.009.20063 DMG file on MacOS Device. Save following script as .sh package i.e.  InstallAdobeReader.sh #! /bin/sh url=https://ardownload2.adobe.com/pub/adobe/reader/mac/AcrobatDC/2000920063/AcroRdrDC_2000920063_MUI.dmg   set -x tempd=$(mktemp -d) curl $url > $tempd/AdobeReaderDC.dmg listing=$(sudo hdiutil attach $tempd/AdobeReaderDC.dmg | grep Volumes) volume=$(echo "$listing" | cut -f 3) package=$(ls -1 "$volume" | grep .pkg | head -1) sudo installer -pkg "$volume"/"$package" -target / sudo hdiutil detach "$(echo "$volume" | cut -f 1)" rm -r...
Read more