Since iOS 11.3 we had an issue when using Intune MDM and Outlook, managed via App Protection Policies (MAM) together. In this scenario the Outlook app was not allowed to write to contacts to the native iOS Contacts app since the data was considered corporate data when setting viewing corporate documents in unmanaged apps was blocked.

Reason for this is the stricter separation of corporate and private data in iOS 11.3 due to GDPR, contacts are considered as corporate data. Lots of customers were suffering due to this issue.

Great news! With the release of iOS 12.1 Apple created two settings that allow you to control if contacts can be written to the contacts app by managed apps and a setting that allows you to control if unmanaged apps can read the managed contacts accounts.

So as from now if you have the Viewing corporate documents in unmanaged setting configured to block, you are now also able to configure to allow managed apps to write contacts to the unmanaged part of the contacts app.

According to the Intune Support Team on Twitter (good one to follow!) the requirement of supervised only is a UI bug.

When deploying this to your MDM managed iOS devices you will see the contacts exported again, you might want to disable and enable the sync in Outlook to trigger it.

If you look in the management profile you will see the policy listed.

Till next time.

Read also my blog on Search Mobile Computing about Outlook and App Protection here.

Comments