How to configure automatic Contact Syncing from Microsoft Outlook to the native Contacts App including Contact Fields filtering on iOS and Android BYOD devices with Microsoft Endpoint Manager

After companies apply Mobile Application Management (MAM) / App Protection Policies to their employees’ mobile devices, and forced them to use the Managed Outlook app instead of the native mail application, one of the most frequently asked questions are “how can I see who’s calling me?” and “where are my contacts? I don’t see them in my native contacts app”. This has everything to do with the fact that contacts are now in a “isolated/secured app container” and not accessible by other non-managed / secured applications.

Within an App Protection policy you can Allow contact sync with the native contacts application so users can see who’s calling again, but it’s still a manual step the end user has to do. Most of the time, this end user will call the support desk for it which causes quite a load on that department after such an implementation.

Sometimes companies are also worried about syncing contacts from the Managed Outlook application to the native unsecured Contacts application, this partly because they are afraid of data leaks and the fact that other non-managed applications can have access to the contacts that are synced to the native unsecured Contacts application.

Fortunately, with a separate App Config policy, you can force Contact Sync for the end user, so users don’t have to call the support desk anymore, and you can limit the Contact fields that may be synchronized to the native Contacts application, for example; only name and phone number and block all other information from syncing. This to possibly limit the damage in case of a data leak, and on the other hand, keep it workable for the end user.

The good news is that you can apply this policy even to devices that you are not managing with an MDM profile. This works on a BYOD device with only an MAM profile as well.

I will show you step-by-step in this blog post how to configure this App Config policy, and I will also show you the end user experience.

Current environment

Before we start I will tell you something about my environment and how I will test the results. For this blog/demo I have created a new test user that will configure Microsoft Outlook on his iPad for the first time. This iPad is NOT under management of Microsoft Endpoint Manager. In the Microsoft Endpoint Manager environment, an App protection policy is created as shown in the below screenshot.

In this App Protection policy Sync app with native contacts app is set to Allow. This policy is assigned to the new test user.

I have logged to the Outlook web-interface with this test user and created a new Contact. Note that I have also filled in the Company name, Business address and Notes fields.

Create the App Configuration Policy

For the next steps, login to the Microsoft Endpoint Manager admin center

Navigate to Apps > App configuration policies

Click the + Add button and choice for Managed apps (for applying this policy on unmanaged / BYOD devices)

Give the App configuration policy a Name and click on + Select public apps. Search for Outlook. In this case I will add Outlook for both iOS/iPadOS and Android devices. Click Select

Click Next

Click on Outlook configuration settings so all the Outlook configuration options become visible.

If you set Save Contacts to Yes, contact syncing will automatically be enabled on the end users device. You can also configure to Allow user to change setting, if you want to give the end user the possibility to turn it off again.

If you scroll down to the Sync contact fields to native contact app configuration, you can see that you can specify which fields may be syncing to the native contacts application. For this blog/demo I set everything to NO, accept related Name fields.

I also allow all related Phone Number fields. Click Next

Assign this policy to a group of users and click Next

And final step, click Create

Test the result

Let’s test the results on an iPad device with these policies applied.

As you can see, no contacts are at this moment in the Native Contacts application

When the user starts the Microsoft Outlook app for the first time and configured his/her Office 365 mail account, the App Protection policies are applied. Tab OK

Tab OK

Set or enter the  App PIN

Now you see that the App Configuration policy is applied and that Contacts Sync will be enabled. Therefor Microsoft Outlook needs permission to access the Contacts. Tab OK

Tab OK

Tab Turn On (if you want to)

Tab Allow

After that you see in the Native Contacts application that the Contacts are synced, but only with the Contacts Fields that were allowed by the policy. All Company information, Email address and Notes are not available.

15 comments

  • Hi
    Super thanks very useful.
    This apply to personal contacts.
    Is it possible to do something similarly with the global address book?
    Thanks
    Brian

  • Hi Robin, great post!
    What about Whatsapp sync contacts from work profile. Today is not possible? when my user enrolled his Android BYOD and only enable contacts from work profile, the name contacts in Wap don’t show =(.
    IOS works fine!
    Thanks!

    • Hi Edward, that is correct. When syncing contacts from Outlook to native contacts app, the contacts will be synced to the contacts app in the Android Enterprise Work Profile (in this case). However, you can enable that the native contacts app outside the AE Work Profile can look/search into the native contacts app within the Work Profile. So searching and calling should be possible. But be aware that not all applications support this since other API are used for this. For example, WhatsApp is not supporting this and a lot of customers use this, even for work :-\

  • Hello,
    For devices enrolled in Intune with an application configuration policy where we apply the OUtlook email profile, is it also necessary to create a MAM policy for Outlook?

    • Hi David, it depends what your goal is. With MAM you create a “secure app container” where in you can “isolate” company data.

  • Hello Robin,

    It is possible to configure a shared mailbox to the outlook app in android?

    Best regards,

    David

    • Yes, click on the house symbol (top left), on the envelope with the plus and choose shared mailbox.
      Afaik, he shared mailbox has to be on Exchange online to make it work.

  • Hi Robin,

    This looks really interesting and something that will help us out a lot.

    In the article you specifically use and test this on an IOS device. Do you know if this works equally well on Android and have you tested it on Android?

    Regards,
    Neil

  • The actual save contacts settings such as which fields to sync to contacts are not possible when selecting “managed Devices” , i wonder why those granular options are not possible on MDM managed devices. Weird…

  • Hi Robin,

    Thanks for this very helpful article! We noticed that incomming calls from unkown numbers can’t be saved to the company contacts app. And going through the contacts on the “phone-app” does not show any company-contacts. only aftert searching for them they appear. is there a way to solve this issue or how do you deal with this?

    thank you and regards
    adrian

About Robin Hobo

I work as a Senior Solution Architect with focus on the Modern Workspace. I am specialized in Azure Virtual Desktop (AVD), Windows 365 and Microsoft EM+S (including Microsoft Endpoint Manager - Microsoft Intune).

For my full bio, check the About Me page.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close