"Unmanaged apps to read contacts from managed contacts accounts" gets ignored

matthias_bretz
New Contributor III

Hi Im trying to set up a restrictions-profile for some BYOD-iPhones. Some restrictions get pushed correctly but the two most important ones won't show up on the iPhone.

Settings are:

 
 

 

Voice dialing while device is locked
Restricted
Server-side logging of Siri commandsDeprecated
Restricted
Users to accept untrusted TLS certificates
Restricted
Trusting new enterprise app authors
Restricted
Managed apps can write contacts to unmanaged contacts accounts
Restricted
Unmanaged apps to read contacts from managed contacts accounts
Restricted
Sending diagnostic reports to Apple
Restricted
Apple Watch wrist detection
Restricted

 

But these two get ignored:

Managed apps can write contacts to unmanaged contacts accounts
Unmanaged apps to read contacts from managed contacts accounts

 

Testing-iPhone is running iOS 15.4.1

5 REPLIES 5

matthias_bretz
New Contributor III

This is what ends up on the iPhone.

IMG_7BFD669639AA-1.jpeg

jpeters21
Contributor II

do those settings require supervised or DEP? 

for informational purposed (we have not gone BYOD yet but I see it on the horizon) do you see these as potential attack vectors or are you just going with trying to match with company owned devices? 

Voice dialing while device is locked
Restricted
Sending diagnostic reports to Apple
Restricted
Apple Watch wrist detection
Restricted

matthias_bretz
New Contributor III

The shouldn't as they are advertised special for BYOD.

 

These three have different reasons:

We see voice-dialing and Apple Watch wrist detection as potential attack vector (like someone using the phone of a higher employe to get informations).

Diagnostic reports is to be compliant with European GDPR.

thanks for the info

matthias_bretz
New Contributor III

Seems like these two

Managed apps can write contacts to unmanaged contacts accounts
Restricted
Unmanaged apps to read contacts from managed contacts accounts
Restricted

need these two

Documents from managed sources open in unmanaged destinations
Restricted
Documents from unmanaged sources open in managed destinations
Restricted

to get applied. But the contacts restrictions won't be displayed under Settings -> Management -> Restrictions.

More in this thread:

https://community.jamf.com/t5/jamf-pro/unmanaged-app-reading-managed-contacts-although-restriction-i...