Data Loss Prevention (DLP) policy change introduced in Content Locker 4.13 for iOS

Version Identified

Content Locker 4.13

 

Summary

Content Locker for iOS 4.13.1 introduces enhanced data security: the list of apps that can import content into Content Locker can be restricted based on the DLP setting. To take advantage of this feature, enable it as follows:

  • Enable DLP and then enable the “Limit Documents to Open Only in Approved Apps” flag. Add the list of managed apps and save the settings. This defines the list of apps that are allowed to open documents into Content Locker.
  • Use the configuration keys in the Workspace ONE UEM (AirWatch) Console to restrict import of content from third-party applications and native apps into Content Locker as desired.
  • Additional information can be found in the Mobile Content Management Guide, Chapter 7: App Suite SDK Configurations > Configure Default SDK Security Settings > (iOS Only) Configure Import Restriction in Content Locker. It is not yet covered in the web documentation.

 

Customer Impact

The ContentImportRestriction and ContentImportAllowNativeApps configuration values can be used in combination to configure the import restriction as per the customer's requirement.

To restrict import of content from third-party apps, enable ContentImportRestriction. When it is enabled, device users cannot import content into Content Locker from any third-party applications; only the native iOS applications remain allowed.

In order to restrict import of content from any third-party apps including the native iOS apps, disable the additional ContentImportAllowNativeApps key. The ContentImportAllowNativeApps key is enabled by default and allows import from all native apps such as iOS native Email, Files, Safari and AirDrop. In order to allow importing from all native apps along with selected third-party apps (non-native), add the third-party applications to the whitelist.

To allow import from specific native applications only, disable the ContentImportAllowNativeApps key and add the allowed native applications to the whitelist.

Note: The Limit Documents to Open Only in Approved Apps option must be enabled in the Data Loss Prevention settings before enabling the configuration key values. Safari and AirDrop cannot be whitelisted as there is no associated bundle ID.
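The key combinations described above can be checked against a proposed configuration before it is pasted into the console. The following Python sketch is an added example, not VMware code: the function names, the treatment of an absent ContentImportRestriction key as disabled, the treatment of the keys as having no effect while the DLP option is off, and the sample bundle IDs are all assumptions made for illustration.

```python
import json

# Keys and the ContentImportAllowNativeApps default come from the article;
# treating an absent ContentImportRestriction as disabled is an assumption.
DEFAULTS = {"ContentImportRestriction": False, "ContentImportAllowNativeApps": True}

def load_settings(custom_settings_json):
    """Parse the Custom Settings JSON; reject non-boolean values for the two keys."""
    raw = json.loads(custom_settings_json) if custom_settings_json.strip() else {}
    for key in DEFAULTS:
        if key in raw and not isinstance(raw[key], bool):
            raise ValueError(f"{key} must be a JSON boolean, got {raw[key]!r}")
    return {key: raw.get(key, default) for key, default in DEFAULTS.items()}

def import_allowed(settings, dlp_limit_enabled, allowlist, bundle_id, is_native):
    """Return True if the rules in this article would let the source import content.

    bundle_id is None for sources without one (the article names Safari and AirDrop).
    """
    if not dlp_limit_enabled or not settings["ContentImportRestriction"]:
        return True   # assumption: the keys do nothing until both are enabled
    if is_native and settings["ContentImportAllowNativeApps"]:
        return True   # native apps are allowed as a group
    return bundle_id is not None and bundle_id in allowlist

def audit(custom_settings_json, dlp_limit_enabled, allowlist, sources):
    """Map each named source to 'allow' or 'block' for a proposed configuration."""
    settings = load_settings(custom_settings_json)
    return {
        name: "allow" if import_allowed(settings, dlp_limit_enabled, allowlist, bid, native) else "block"
        for name, (bid, native) in sources.items()
    }

# Constructed sample sources: name -> (bundle ID or None, is_native).
SOURCES = {
    "Mail": ("com.apple.mobilemail", True),
    "Safari": (None, True),
    "AirDrop": (None, True),
    "Notes app (third party)": ("com.example.notes", False),
}

if __name__ == "__main__":
    strict = '{"ContentImportRestriction": true, "ContentImportAllowNativeApps": false}'
    for name, verdict in audit(strict, True, {"com.apple.mobilemail"}, SOURCES).items():
        print(f"{name:28} {verdict}")
```

With ContentImportAllowNativeApps disabled, Safari and AirDrop come out as blocked whatever the whitelist contains, because they have no bundle ID to list.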

To configure the values in the SDK Default settings, perform the following steps:

  1. Navigate to Groups & Settings > All Settings
  2. From All Settings, navigate to Apps > Settings & Policies > Settings
  3. Select Enable Custom Settings and paste the configuration keys as per your requirement. For example, to allow import only from native apps, use:
    {"ContentImportRestriction": true}
    To block import from all third-party apps, including the native iOS apps, use:
    {"ContentImportRestriction": true, "ContentImportAllowNativeApps": false}
  4. To allow importing from a specific list of apps (whitelist), navigate to Settings & Policies > Security Policies. Select the Allowed Applications List and list the applications from which users are allowed to import content into Content Locker.
  5. Select Save. 

To configure the values in the custom SDK profile for Content Locker, perform the following steps:

  1. Navigate to Groups & Settings > All Settings
  2. If you have an existing custom profile, navigate to Apps > Settings & Policies > Profiles > Custom Profile > Custom Settings
  3. If you want to add a custom profile, navigate to Apps > Settings & Policies > Profiles > Add Profile > SDK Profile > iOS > Custom Settings. 
  4. From Custom Settings, select Configure and paste the configuration keys as per your requirement. For example, to allow import only from native apps, use:
    {"ContentImportRestriction": true}
    To block import from all third-party apps, including the native iOS apps, use:
    {"ContentImportRestriction": true, "ContentImportAllowNativeApps": false}
  5. From the Restriction section, select Restrict documents to be opened in following apps and add the list of apps you want to allow (whitelist).
  6. Select Save. 
