Posted on 09-16-2024 11:52 PM
Hi Nation,
we enrolled MDM for institutional iPhones (not BYOD). Now, after some time in production, our users complain, that they cannot copy and paste phone numbers from the managed Gmail app to iOS contacts app.
The devices are fully managed, but the native iOS apps do not seem considered as managed apps, and the pasteboard is blocked. (Users did not add a private or managed Apple ID on the device.)
Is there a way to "manage" the native iOS apps or consider them as trusted apps?
Here are our current restrictions:
- Documents from managed sources open in unmanaged destinations - restricted
- Documents from unmanaged sources open in managed destinations - restricted
- Pasteboard respects managed/unmanaged document restrictions - enforced
- Managed apps can write contacts to unmanaged contacts accounts - restricted
- Unmanaged apps to read contacts from managed contacts accounts - restricted
Looking forward to your thoughts or maybe a reference to another post where it was is maybe already discussed.
Thank you!
Posted on 09-17-2024 01:19 AM
This used to work by adding those apps to the device scope and configuring them as available in self service, and check the box to make them managed if unmanaged. Since a few releases back this stopped working. We did open a case for this, and the brief conclusion is that the previous behavior we were relying on for our workflow was considered a "bug" and that the behavior is now "fixed". Perhaps this still works if you don't make them available in self service and just scope them to all devices instead. But that would prevent uninstallation by end-users and takes up unnecessary space on devices that don't need them.
Posted on 09-18-2024 05:40 AM
Thank you @foobarfoo I will try this out!
Posted on 09-19-2024 01:29 AM
@foobarfoo So I double-checked your proposal but I am stuck by the fact, that you cannot purchase licenses from the Apple business manager for standard iOS apps. For example, the iOS Contacts app is not available in the Apple business manager. Though I can find it in Jamf and are either able to scope it and push it or make it available in self-service, in both cases, there is now a license code available and will ask the user to connect to an iTunes account. Even, if this would be an institutional one, it would not help since you cannot purchase the license on the Apple business manager.
So it seems that I am stuck here for now because all apple default apps are not considered as business apps the device is managed :(