fighting for truth, justice, and a kick-butt lotus notes experience.

New iOS 12 MDM feature to control access to contacts by third-party apps

 August 14 2018 12:53:29 PM
Starting with iOS 11.3 in the spring of this year Apple already created the possibility to control which third party apps (keyword: WhatsApp) can access the managed company contacts of the ActiveSync account via MDM restrictions.
This was done via the Managed OpenIn restrictions. These can be used to control whether an unmanaged app can access the content of a managed app or account.

See also my blog post: ios-11.3-update-regarding-contact-containisation.htm

Apple released an updated Configuration Profiles documentation yesterday, which contains two new restrictions, among other iOS 12 extensions, that allows additional control to access contacts, when Managed OpenIn restrictions are being set to false.

allowManagedToWrite
UnmanagedContacts


Optional. If set to true, managed apps can write contacts to unmanaged contacts accounts.

Defaults to false.

If allowOpenFromManagedToUnmanaged is true, this restriction has no effect.
A payload that sets this to true must be installed via MDM
Availability: Available only in iOS 12.0 and later.


allowUnmanagedToRead

ManagedContacts


Optional. Supervised only. If set to true, unmanaged apps can read from managed contacts accounts.

Defaults to false.

If allowOpenFromManagedToUnmanaged is true, this restriction has no effect.
A payload that sets this to true must be installed via MDM.
Availability: Available only in iOS 12.0 and later.


via: https://developer.apple.com/enterprise/documentation/Configuration-Profile-Reference.pdf

Archive