To keep corporate (email) data safe, a lot of companies force their users to use Microsoft Outlook mobile by applying Conditional Access policies and App Protection Policies. One of the things that doesn't work out of the box with Outlook, compared to using the native mail client, is that contacts are not directly available in the native contacts app, and therefore users don't see who is calling them.
To make the life of the end user a little easier, we can pre-configure Outlook to save the contacts to the native contacts app. This can be done by deploying an App Configuration Policy with Microsoft Intune to the end user's device (Outlook). In this policy, we also have the option to control which items are saved to the local device and which are not allowed to be saved. You might, for example, only want to allow saving the name and phone numbers of a contact and block everything else.
If you have applied an App Protection Policy to the users' devices and want to allow saving contacts to the local device, make sure this is allowed in the App Protection Policy before moving on with the other steps.
Set Sync app with native contacts app to Yes.
If this setting is in place, let's configure the App Configuration Policy for Outlook mobile.
Create App configuration policy
In this example, I create the App configuration policy for Outlook mobile running on Android and iOS. I only want to allow syncing the contact fields related to the name and some related to phone numbers.
- Sign in to the Endpoint Manager admin center
- Browse to Apps – App configuration policies
- Click + Add
- Choose Managed apps
- Give the profile a Name
- Enter a Description (Optional)
- Click Select public apps
- Search for Outlook
- Select Outlook (twice)
- Click Select
Back in the previous screen, click Next.
- Open Outlook configuration settings
- Set Save contacts to Yes
- Choose your preferred setting for Allow user to change setting
- Scroll down to the Sync contacts fields to native contacts app configuration
- For every contact field set the preferred option of your choice
- Click Next
Finalize the setup wizard by assigning the policy to a security group.
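To check that a policy really limits sync to the intended fields, the per-field settings can be audited against an allowlist. The script below is an added example, not part of the original post: it assumes the policy settings are available as a JSON list of name/value pairs under `customSettings`, uses the per-field key names from Microsoft's Outlook mobile app configuration documentation, assumes a field with no key set falls back to being synced, and uses a hypothetical allowlist and constructed sample data.

```python
import json

# Per-field keys as listed in Microsoft's Outlook mobile app configuration
# documentation (the post itself only shows the portal labels).
PREFIX = "com.microsoft.outlook.ContactSync."
FIELDS = ["Address", "Birthday", "Company", "Department", "Email",
          "InstantMessage", "JobTitle", "Nickname", "Notes", "PhoneHome",
          "PhoneHomeFax", "PhoneMobile", "PhoneOther", "PhonePager",
          "PhoneWork", "PhoneWorkFax", "Prefix", "Suffix"]

# Hypothetical allowlist: name-related fields plus two phone fields.
ALLOWED = {"Nickname", "Prefix", "Suffix", "PhoneMobile", "PhoneWork"}


def audit(policy_json, allowed=ALLOWED):
    """Return the sorted contact fields that would sync but are not allowlisted."""
    settings = {s["name"]: str(s["value"]).strip().lower()
                for s in json.loads(policy_json).get("customSettings", [])}
    leaks = []
    for field in FIELDS:
        # Assumption: a field without an explicit key is synced by default,
        # so only an explicit "false" counts as blocked.
        value = settings.get(PREFIX + field + "Allowed", "true")
        if value != "false" and field not in allowed:
            leaks.append(field)
    return sorted(leaks)


def sample_policy():
    """Constructed sample: blocks most fields, forgets Birthday, allows JobTitle."""
    blocked = [f for f in FIELDS
               if f not in ALLOWED and f not in ("Birthday", "JobTitle")]
    pairs = [(f, "false") for f in blocked]
    pairs += [("JobTitle", "true"), ("PhoneMobile", "true")]
    return json.dumps({"customSettings": [
        {"name": PREFIX + f + "Allowed", "value": v} for f, v in pairs]})


if __name__ == "__main__":
    for field in audit(sample_policy()):
        print("Field syncs to the native contacts app but is not allowlisted:", field)
```

A non-empty result means a field was left at its default or explicitly allowed, which matters because any app with access to the native contacts app can read what lands there.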
Let's have a look at the end-user experience. I have used an Android device to create this blog.
As you can see for this contact, I have filled in some additional information besides the name and mobile number. If the policy is set correctly, the Email and notes fields are not synced to my Android device.
As soon as the policy is successfully applied to Outlook, a pop-up is shown: Outlook needs access to contacts to sync them. Click on the pop-up to give the requested permissions to Outlook.
If we have a look at the settings in Outlook, a message is also shown there: Outlook needs access to contacts in Android.
Depending on whether you allow the user to change the sync contacts settings, the user is allowed to switch off contact sync.
In this case, information is also shown that not all contact sections are saved.
If you don't allow changing the contact sync settings, the informational message isn't shown and the button is greyed out like below.
If we take a look at the synced contact, indeed only the name and phone number are synced to the contacts app. All other information is not synced to the device.
That's it for this post. I hope you find it informative.
I think a distinction needs to be made between contacts in Outlook and the Global Address Book. Typically the GAL holds all the corporate contacts. But, the Outlook contacts can be anything else, like vendors for example. If someone were to copy a corporate GAL contact into their Outlook contacts then for sure what you say would happen – social media apps which have been granted access to the native contact app would pull potentially sensitive contact info. Even in the case of just pulling first name, last name, phone number could be a privacy concern. This would be even more true of course if the contacts list had customer’s contact info. Which, to me, would be the point – have the customer as a contact so when they call you see that it’s them calling.
Do you need your company contacts offline, secure and with number resolution for incoming calls? Then this app is a good addition to the #Outlook app : https://apps.apple.com/de/app/securecontact-x-business/id1450074955
Amazing article, just when I thought it’s going to save all my problems.. it didn’t. Configured exactly as it should be, there was even a notification about contact sync and I allowed it…
But unfortunately, contacts do not get synced into the native contacts app and they remain there. Any other idea what it could be? Thanks, G
That's pretty strange. These settings should do the trick. If you're absolutely sure the policy is applied and it doesn't work on multiple devices, probably nothing left other than opening a support case.
Hi Peter, I am having the same problem. My company did configure Outlook (in the Work Profile) to Sync contacts, however they are not available in the Private Profile Contacts or Native Dialer app.
But it gets even stranger… so my native Dialer/Contacts app (Private Profile) doesn’t show the contacts, however if I perform a search/lookup I can actually see results that come straight from the Work Profile Contact app ….
So it looks like there is some underwater connection between the Work and Private Profile Contacts Apps, however the Work Contacts are not pushed to the Private Contacts app so they can be displayed as Contacts.
This is really frustrating …
We have deployed iOS Outlook to allow the iPhone Contacts app to show the contacts, but something we have an issue because it’s not working.
Does it need to be app managed, or does it need to be device managed?
Also, does the assignment group need to be a user group or a device group?
If I allow “Outlook contact sync to the native contacts app” with an App Protection policy, do the Outlook contacts get removed on the native app (iOS) when I do a “Selective Wipe”? Thank you!