Skip to main content
Question

"Unmanaged apps to read contacts from managed contacts accounts" gets ignored

  • May 10, 2022
  • 5 replies
  • 83 views
M
Forum|alt.badge.img+5

Hi Im trying to set up a restrictions-profile for some BYOD-iPhones. Some restrictions get pushed correctly but the two most important ones won't show up on the iPhone.

Settings are:

 
 

 

Voice dialing while device is locked Restricted Server-side logging of Siri commandsDeprecated Restricted Users to accept untrusted TLS certificates Restricted Trusting new enterprise app authors Restricted Managed apps can write contacts to unmanaged contacts accounts Restricted Unmanaged apps to read contacts from managed contacts accounts Restricted Sending diagnostic reports to Apple Restricted Apple Watch wrist detection Restricted

 

But these two get ignored:

Managed apps can write contacts to unmanaged contacts accounts
Unmanaged apps to read contacts from managed contacts accounts

 

Testing-iPhone is running iOS 15.4.1

    5 replies

    M
    Forum|alt.badge.img+5

    This is what ends up on the iPhone.

    J
    Forum|alt.badge.img+8
    • jpeters21
    • Valued Contributor
    • May 10, 2022

    do those settings require supervised or DEP? 

    for informational purposed (we have not gone BYOD yet but I see it on the horizon) do you see these as potential attack vectors or are you just going with trying to match with company owned devices? 

    Voice dialing while device is locked
Restricted
    Sending diagnostic reports to Apple
Restricted
Apple Watch wrist detection
Restricted
    M
    Forum|alt.badge.img+5

    The shouldn't as they are advertised special for BYOD.

     

    These three have different reasons:

    We see voice-dialing and Apple Watch wrist detection as potential attack vector (like someone using the phone of a higher employe to get informations).

    Diagnostic reports is to be compliant with European GDPR.

    M
    Forum|alt.badge.img+5

    Seems like these two

    Managed apps can write contacts to unmanaged contacts accounts Restricted Unmanaged apps to read contacts from managed contacts accounts Restricted

    need these two

    Documents from managed sources open in unmanaged destinations Restricted Documents from unmanaged sources open in managed destinations Restricted

    to get applied. But the contacts restrictions won't be displayed under Settings -> Management -> Restrictions.

    More in this thread:

    https://community.jamf.com/t5/jamf-pro/unmanaged-app-reading-managed-contacts-although-restriction-is/m-p/265589#M243796

    aparten11
    J
    Forum|alt.badge.img+8
    • jpeters21
    • Valued Contributor
    • May 11, 2022

    The shouldn't as they are advertised special for BYOD.

     

    These three have different reasons:

    We see voice-dialing and Apple Watch wrist detection as potential attack vector (like someone using the phone of a higher employe to get informations).

    Diagnostic reports is to be compliant with European GDPR.


    thanks for the info

    Terms & ConditionsCookie settingsAccessibility statement