What problems occur with Intune app protection for Outlook?

IT needs to configure settings a certain way to avoid problems when end users connect Outlook to Exchange Online. Here are steps to ensure that end users experience little friction.

Microsoft Outlook mobile apps integrate well with Microsoft Intune for the most part, but users can experience some issues when they connect their Outlook apps to Exchange Online.

When admins want to allow users to synchronize their mailboxes in Exchange Online, they should encourage users to use Outlook mobile apps on Apple iOS or Google Android to prevent data leakage. One way to do that is via Intune app protection policies, which prevent data leakage when employees use mobile devices for both personal and work-related tasks. IT can apply these policies to both enrolled and non-enrolled mobile devices in the Outlook app.

Due to changes in both Intune and Outlook, admins can run into a few issues with Intune app protection.

Outlook app

Users are commonly unable to view their contacts in the native contacts apps on iOS and Android devices when they use Outlook.

This could depend on the OS and the device's enrollment status, but this may be intentional. Apple and Google now handle the separation of personal and corporate data strictly due to the General Data Protection Regulation compliance requirements.

Contact sync is not enabled by default, so IT should instruct users to enable the synchronization of their contacts to their Intune-managed mobile devices. End users can do this in Outlook via Settings > Office 365 (account) > Save Contacts.

Outlook
End users can synchronize their contacts to their mobile devices on Outlook.

Android Enterprise

When IT enables Android Enterprise in Intune on users' devices and uses Outlook as part of the work profile, users need to enable contact sync in the same way. But administrators also need to enable users' access to contacts in the work profile from the native dialing pad in Android.

Admins should configure settings in Android Enterprise so that users can:

  • search contacts in the work profile from the native contacts app;
  • display work contact caller IDs in a personal profile; and
  • share contacts via Bluetooth.

Unless admins configure these settings, users won't be able to access work profile contacts from their personal profiles.

Apple iOS

When IT manages an iOS device and deploys Outlook via Microsoft Intune, the contacts are considered business data. Therefore, Outlook is unable to store the contacts in the Contacts app if IT has blocked the device restrictions Viewing corporate documents in unmanaged apps or Viewing non-corporate documents in corporate apps.

To overcome these issues, admins should ensure that those settings are set to Not Configured.

If IT admins still want to block users from sharing data between corporate and private apps, they can use the Intune app protection policies.

Dig Deeper on Mobile management