When you have a requirement where users are using their personal mobile devices to access the corporate emails and other Microsoft office apps. You want to make sure the data in these apps is secure and also prevent data leak. Application Protection Policies (APP) Policies can be applied to the users which protects your apps and data. App Protection Policies provides the option to Allow the contacts to be synced with the native apps. The setting is called “Sync policy managed app data with native apps“. By default this setting is set to “Allow”. Along with this setting, you will require an App configuration policy to save the contacts. Save Contacts option requires the user to grant outlook permission to access the native contacts app and data stored within. When the policies are configured and applied to the user, A pop-up will be shown to the user and user just have to allow the Outlook App to provide this permission. Also, using the App Configuration Policy you can limit the contact fields which will get synced to the Native App in case you do not want to allow all the information to be synced for contacts.
Some other useful articles which may also help:
- Set Microsoft Edge Home Page, Startup Page And New Tab Page Using Microsoft Intune.
- Block USB Drives With Exceptions Using Microsoft Intune.
- Configure Team Site Libraries To Sync Automatically Using Microsoft Intune / Endpoint Manager.
- Renew Apple MDM Push Certificate For Microsoft Intune Apple Enrollment.
- How To Uninstall Expressvpn Application From Windows 10 Systems Using Microsoft Intune.
- Deploying MSI Application On Windows 10 Workstations Using Microsoft Intune.
- How to add, assign, delete, monitor iOS store apps in Microsoft Intune
|“Sync policy managed app data with native apps” setting allows both contacts and calendar sync on the device. However if you want to sync the outlook calendar to the Native Calendar App on the device, you need to enable the option “Sync Calendars” in App configuration policy. Please note that this will only work with Android devices as of now.|
For More Information on the App Configuration Policy Check this link:
Create App Protection Policy (APP)
If you already created an app protection policy which has been applied to all the users then Verify if the “Sync policy managed app data with native apps” is set to Allow. Else you can create an Application Protection Policy. For creating a new App Protection Policy, you can open the Microsoft Endpoint Manager Admin Center -> Apps -> App protection policies and click on Create Policy to create a new one.
Create Managed Apps App Configuration Policy (ACP)
For Creating a new App Configuration Policy, you need to open the Microsoft Endpoint Manager Admin Center -> Apps -> App configuration policies -> Click on Add and Select Managed Apps from Drop down.
On Basics Tab Provide Name and Description of the Policy and Select the Public Apps Microsoft Outlook for both iOS and Android Platforms and click Next.
On Settings Tab, Expand Outlook configuration settings and Change the Setting for Save Contacts to Yes. Optionally you can allow the user to change the setting configuring “Allow user to Change Setting” to Yes.
You can now configure which contacts fields to sync to the native app, Scroll down on the page and use the option “Sync contact fields to native contact app configuration” and select the fields to sync.
On the Assignments tab Select the groups to apply this policy. You can create a test group and add one or two users in the group for testing and then once the testing is successful you can add all users.
Click on Create to create the policy.
Testing on End User Mobile Device
Once the policies are synced to the user, user will get the below pop-up message to grant permissions to Outlook. Click on OK to provide the permissions.
Click on OK on the next screen to provide permissions to Outlook to Access the Contacts.
If you want to Enable Notifications on the next screen, Click on “Turn On“. Otherwise, select No Thanks.
Click on “Allow” on the next screen to Allow Outlook to send the Notifications. If you don’t want to allow notifications, click on Don’t Allow.
Create a Test Contact in Outlook on desktop or Outlook Web Access and it should automatically sync to the Native App now.
Please make sure the Save Contacts Option in Outlook App Settings is enabled only on one iOS Device if the icloud contact sync is enabled to avoid duplicate contacts issue.