To keep corporate (email) data safe a lot of companies force their users to use Microsoft Outlook mobile by applying Conditional Access policies and App Protection Policies. One of the things that don`t work out of the box with Outlook, compared to using the native mail client, is contacts are not directly available in the native contacts app and therefore users don`t see who is calling them.
To make the life of the end-user a little easier, we can pre-configure Outlook to save the contacts to the native contacts app. This can be done by deploying an App Configuration Policy with Microsoft Intune to the end-users device (Outlook). In this policy, we also have the option to control which items are saved to the local device and which are not allowed to be saved. You might for example only want to allow saving the name and phone numbers of a contact and block everything else.
If you have indeed applied an App Protection Policy to the users devices and want to allow saving contacts to the local device, make sure this is allowed in the App Protection Policy before moving on with the other steps.
Set Sync app with native contacts app to Yes.
If this setting is in-place, let`s configure the App Configuration Policy for Outlook mobile.
Create App configuration policy
In this example, I create the App configuration policy for Outlook mobile running on Android and iOS. I only want to allow syncing the contact fields related to the name and some related to phone numbers.
- Sign-in to the Endpoint Manager admin center
- Browse to Apps – App configuration policies
- Click + Add
- Choose Managed apps
- Give the profile a Name
- Enter a Description (Optional)
- Click Select public apps
- Search for Outlook
- Select Outlook (twice)
- Click Select
Back in the previous screen click Next.
- Open Outlook configuration settings
- Set Save contacts to Yes
- Choose your preferred setting for Allow user to change setting
- Scroll down to the Sync contacts fields to native contacts app configuration
- For every contact field set the preferred option of your choice
- Click Next
Finalize the setup wizard by assigning the policy to a security group.
End-user experience
Let`s have a look at the end-user experience. I have used an Android device to create this blog.
As you can see for this contact, I have filled in some additional information besides the name and mobile number. If the policy is set correctly, the Email and notes fields are not synced to my Android device.
As soon as the policy is successfully applied to Outlook, a pop-up is shown Outlook needs access to contacts to sync them. Click on the pop-up to give the requested permissions to Outlook.
If we have a look at the settings in Outlook, here also a message is shown Outlook needs access to contacts in Android.
Depending on if you allow the user to change the sync contacts settings or not, the user is allowed to switch off contact sync.
In this case, also information is shown that not all contact sections are saved.
If you don`t allow changing the contact sync settings, the informational message isn`t shown and the button is greyed out like below.
If we take a look at the synced contact, indeed only the name and phone number are synced to the contacts app. All other information is not synced to the device.
That`s it for this post. I hope you find it informative.
Happy testing!
Would you really sync all corp contacts to the native contact app? What about any social media app on the private device that has also access to the native contact app? It will grab any contact and will probably sync them to the cloud. Regarding any privacy policy this is not what you really want, or am I wrong?
I think a distinction needs to be made between contacts in Outlook and the Global Address Book. Typically the GAL hold all the corporate contacts. But, the Outlook contacts can be anything else, like vendors for example. If someone were to copy a corporate GAL contact into their Outlook contacts then for sure what you say would happen – social media apps which have been granted access to the native contact app would pull potentially sensitive contact info. Even in the case of just pulling first name, last name, phone number could be a privacy concern. This would be even more true of course if the contacts list had customer’s contact info. Which, to me, would be the point – have the customer as a contact so when they call you see that it’s them calling.
Do you need your company contacts offline, secure and with number resolution for incoming calls? Then this app is a good addition to the #Outlook app : https://apps.apple.com/de/app/securecontact-x-business/id1450074955