Help

"Unmanaged apps to read contacts from managed contacts accounts" gets ignored

matthias_bretz
New Contributor III

Posted on ‎05-10-2022 05:29 AM

Hi Im trying to set up a restrictions-profile for some BYOD-iPhones. Some restrictions get pushed correctly but the two most important ones won't show up on the iPhone.

Settings are:

 
 

 

Voice dialing while device is locked
Restricted
Server-side logging of Siri commandsDeprecated
Restricted
Users to accept untrusted TLS certificates
Restricted
Trusting new enterprise app authors
Restricted
Managed apps can write contacts to unmanaged contacts accounts
Restricted
Unmanaged apps to read contacts from managed contacts accounts
Restricted
Sending diagnostic reports to Apple
Restricted
Apple Watch wrist detection
Restricted

 

But these two get ignored:

Managed apps can write contacts to unmanaged contacts accounts
Unmanaged apps to read contacts from managed contacts accounts

 

Testing-iPhone is running iOS 15.4.1

0 Kudos
Reply
5 REPLIES 5

matthias_bretz
New Contributor III

Posted on ‎05-10-2022 05:34 AM

This is what ends up on the iPhone.

IMG_7BFD669639AA-1.jpeg

0 Kudos
Reply

jpeters21
Contributor II

Posted on ‎05-10-2022 09:21 AM

do those settings require supervised or DEP? 

for informational purposed (we have not gone BYOD yet but I see it on the horizon) do you see these as potential attack vectors or are you just going with trying to match with company owned devices? 

Voice dialing while device is locked
Restricted
Sending diagnostic reports to Apple
Restricted
Apple Watch wrist detection
Restricted
0 Kudos
Reply

matthias_bretz
New Contributor III

Posted on ‎05-10-2022 11:07 PM

The shouldn't as they are advertised special for BYOD.

 

These three have different reasons:

We see voice-dialing and Apple Watch wrist detection as potential attack vector (like someone using the phone of a higher employe to get informations).

Diagnostic reports is to be compliant with European GDPR.

0 Kudos
Reply

jpeters21
Contributor II
In response to matthias_bretz

Posted on ‎05-11-2022 07:32 AM

thanks for the info

0 Kudos
Reply

matthias_bretz
New Contributor III

Posted on ‎05-11-2022 01:29 AM

Seems like these two

Managed apps can write contacts to unmanaged contacts accounts
Restricted
Unmanaged apps to read contacts from managed contacts accounts
Restricted

need these two

Documents from managed sources open in unmanaged destinations
Restricted
Documents from unmanaged sources open in managed destinations
Restricted

to get applied. But the contacts restrictions won't be displayed under Settings -> Management -> Restrictions.

More in this thread:

https://community.jamf.com/t5/jamf-pro/unmanaged-app-reading-managed-contacts-although-restriction-i...

Reply