To keep corporate (email) data safe a lot of companies force their users to use Microsoft Outlook mobile by applying Conditional Access policies and App Protection Policies. One of the things that don`t work out of the box with Outlook, compared to using the native mail client, is contacts are not directly available in the native contacts app and therefore users don`t see who is calling them.
To make the life of the end-user a little easier, we can pre-configure Outlook to save the contacts to the native contacts app. This can be done by deploying an App Configuration Policy with Microsoft Intune to the end-users device (Outlook). In this policy, we also have the option to control which items are saved to the local device and which are not allowed to be saved. You might for example only want to allow saving the name and phone numbers of a contact and block everything else.
If you have indeed applied an App Protection Policy to the users devices and want to allow saving contacts to the local device, make sure this is allowed in the App Protection Policy before moving on with the other steps.
Set Sync app with native contacts app to Yes.
If this setting is in-place, let`s configure the App Configuration Policy for Outlook mobile.
Create App configuration policy
In this example, I create the App configuration policy for Outlook mobile running on Android and iOS. I only want to allow syncing the contact fields related to the name and some related to phone numbers.
- Sign-in to the Endpoint Manager admin center
- Browse to Apps – App configuration policies
- Click + Add
- Choose Managed apps
- Give the profile a Name
- Enter a Description (Optional)
- Click Select public apps
- Search for Outlook
- Select Outlook (twice)
- Click Select
Back in the previous screen click Next.
- Open Outlook configuration settings
- Set Save contacts to Yes
- Choose your preferred setting for Allow user to change setting
- Scroll down to the Sync contacts fields to native contacts app configuration
- For every contact field set the preferred option of your choice
- Click Next
Finalize the setup wizard by assigning the policy to a security group.
Let`s have a look at the end-user experience. I have used an Android device to create this blog.
As you can see for this contact, I have filled in some additional information besides the name and mobile number. If the policy is set correctly, the Email and notes fields are not synced to my Android device.
As soon as the policy is successfully applied to Outlook, a pop-up is shown Outlook needs access to contacts to sync them. Click on the pop-up to give the requested permissions to Outlook.
If we have a look at the settings in Outlook, here also a message is shown Outlook needs access to contacts in Android.
Depending on if you allow the user to change the sync contacts settings or not, the user is allowed to switch off contact sync.
In this case, also information is shown that not all contact sections are saved.
If you don`t allow changing the contact sync settings, the informational message isn`t shown and the button is greyed out like below.
If we take a look at the synced contact, indeed only the name and phone number are synced to the contacts app. All other information is not synced to the device.
That`s it for this post. I hope you find it informative.