Do to GDPR I have customers asking for this one – how to manged and/or prevent sync of contact information onto the native contact apps, in this blog post I will not go into what or why the data can be under the GDPR or other regulation, that is up to each company to figure out, but some times is it also internal security policy that do not allow customer data in the corporate address book to stored with out any kind of control.

The native contact app on IOS and Android is allowed to takes backup to iCloud or Google backup. When company data is leaving the device we as a company do not have control over the data any more. So if we are helping the end user by using Intune MAM with conditional access to ensure that they are only using approved apps like Outlook mobile and IOS or Android.
In this blog post I will show how to mange the contact information inside Outlook mobile – not how to configure MAM and Conditional Access.

The reason for starting using Outlook Mobile with Intune MAM is mainly security. After applying the MAM policy to your users they will get the policy at next login to Outlook no matter if their devices is enrolled or not. As soon as the policy applies to the app – the IT department have control over the containerized company data and can remote wipe it – without removing other data on the device like the personal pictures, personal mails etc.
All the Intune app protection policies is working even if you have a third part MDM solution do to that you can dot it without enrollment.

How to configure the contact sync:

Inside the app protection policy in Intune data protection section
Dashboard -> Client apps – App protection policies -> Intune App Protection – Properties -> Data protection

You can enable or disable “sync app with native contact app”

If you are enabling contact sync then you maybe want to do it more granular.

So you need to create a App configuration policies

1.   Click Client apps
2. Click App protection policies
3. Click Add

1. Name : “Outlook Configuration”
2. Device enrollment type : select “Managed apps”
3. Click Associated app
4. Select Outlook for both IOS and Android if you want the same behavior on both platforms

1. Click “Configuration Settings”
2. Enter
   1. Name : com.microsoft.outlook.ContactSync.AddressAllowed
   2. Value : false
3. Enter
   1. Name : com.microsoft.outlook.ContactSync.BirthdayAllowed
   2. Value : false

You can enter all the different settings that you want to configure on the Outlook Mobile app here.

Then you just need to assign it to you users that need this settings.
The biggest advanced about this feature is that it does not require your end user to be enrolled – just to have the managed Outlook installed and by logging in to the app the policy will apply.

How is the end user experience:

I will show 3 different user experiences.

The first one – where the end user is not allowed to sync contacts at all, then it is completely removed from the UI in Outlook mobile

The second one – where the end user is allowed to sync contacts but addresses is blocked from being synced.

The third one – where the end user is allowed to sync contacts but address,Birthday is blocked from being synced.

Happy deployment

Read more:

Configure Contact Field Sync to native Contacts for Outlook for iOS and Android