Data Loss Prevention (DLP) policy change introduced in Content Locker 4.13 for iOS by Jordan Cardinal
Version Identified
Content Locker 4.13
Summary
Content Locker 4.13 for iOS introduces enhanced data security that restricts importing files from applications that are not whitelisted.
Customer Impact
Customers who have enabled Data Loss Prevention (DLP) whitelisting need to ensure that every application which needs to open documents into Content Locker, including native applications*, is added as a managed application in the Console and added to the “Approved Apps” list. To do this, perform the following steps:
- Enable DLP and then enable the “Limit Documents to Open Only in Approved Apps” flag.
- Add the list of managed apps and select Save. This defines the list of apps which are allowed to open documents into Content Locker.
*Note: Safari is an exception to this, as it is not searchable from the App Store. VMware AirWatch is currently evaluating ways to whitelist the Safari application. A current workaround is to use an alternative managed browser.
Perform the following steps to add the native Mail app as a public app, and then proceed to whitelist this app as part of DLP policy:
- Log in to the AirWatch Console
- Navigate to Apps & Books > Public
- Tap on Add Application
- Select the Platform as Apple iOS and enter the Name as ‘apple mail’ and tap on Next
- On the top right, change the country to United Kingdom (since United States does not list the native mail client)
- From the list, select the Mail app with the bundle ID com.apple.mobilemail. Click Save and Publish
- Save and Assign the app (Providing the assignment is not mandatory to proceed with DLP whitelisting)
Whitelist the native Mail app as follows:
- Navigate to Groups & Settings > All Settings
- From the Settings, navigate to Settings and Policies > Security Policies
- Enable the flags “DLP” and “Limit Documents to Open Only in Approved Apps”
- In the Allowed Applications list select “native Mail” and Save the settings
Fix Version
Our product team has been engaged and is actively working to resolve the issue.