Limiting sensitive data in notifications

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Mobile app notifications are critical in alerting users of new content or reminding them to act. Users interact with these notifications via the lock screen and in the operating system’s notification center. Notifications often include detailed information, which can be sensitive in nature. This information, unfortunately, can inadvertently be leaked to casual observers.

 

As you can imagine, the notifications that enterprise users act on the most are messaging and calendaring notifications. Outlook for iOS and Android has designed its notifications to let users triage email and to alert them to upcoming meetings, including Time to Leave suggestions. Mail notifications include the sender’s address, the subject of the message, and a short preview of the message body. Calendar reminders include the subject, location, and start time of the meeting.

 

Recognizing that these notifications may include sensitive data, in December Intune will roll out support for limiting sensitive data in notifications, and Outlook for iOS and Android is the first app (on both platforms) to take advantage of this new functionality!

 

This functionality is being delivered as a new App Protection Policy (APP) setting, Org Data Notifications. As this is an APP setting, it will apply to the user on all devices (phones, tablets, and wearables), for the apps that support the setting. When the APP setting Org Data Notifications is set to Block Org Data, this is how mail and calendar notifications from Outlook for iOS and Android will appear:

[Image: Limited Notifications.png]

In addition, Outlook for iOS and Android is introducing a new data protection App Configuration Policy (ACP) setting that provides additional flexibility with calendar notifications – you can block sensitive information in mail notifications, while allowing sensitive information in calendar notifications. After all, your users might just need to know where they are going and when they should leave, at a glance. When Calendar Notifications is set to Allowed, the notifications will appear as follows:

[Image: Cal Notification Exposed.png]

The following table outlines the notification experience in Outlook for iOS and Android based on the combination of the APP and ACP settings:

| APP setting value | ACP Calendar setting value | Outlook notification behavior |
|---|---|---|
| Allow (default) | Not Configured (default) | Default client behavior where sensitive data is exposed in mail and calendar notifications |
| Block | Not Configured | Sensitive data is exposed in mail and calendar notifications as Outlook ignores the block setting |
| Block Org Data | Not Configured | Sensitive data is not available in mail or calendar notifications |
| Block Org Data | Allowed | Sensitive data is not available in mail notifications. Calendar notifications expose sensitive data |

As a result of these improvements, Outlook for iOS and Android is removing support for several data protection app configuration keys that were previously used to manage notifications on the iOS platform:

  • microsoft.outlook.Mail.NotificationsEnabled
  • microsoft.outlook.Mail.NotificationsEnabled.UserChangeAllowed
  • microsoft.outlook.Calendar.NotificationsEnabled
  • microsoft.outlook.Calendar.NotificationsEnabled.UserChangeAllowed

These keys will be removed starting the week of December 16th, 2019.
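
The behavior table and the list of removed keys above can be combined into a policy check. The following Python is an added example, not Microsoft's code: the policy dictionary layout and its field names (`app_org_data_notifications`, `acp_calendar_notifications`, `acp_keys`) are hypothetical, and only the setting values and key names come from this post.

```python
# Added example: lint a policy inventory against the rules stated in this post.
# The dict layout and its field names are hypothetical, not an Intune export format.
DEPRECATED_KEYS = {
    "microsoft.outlook.Mail.NotificationsEnabled",
    "microsoft.outlook.Mail.NotificationsEnabled.UserChangeAllowed",
    "microsoft.outlook.Calendar.NotificationsEnabled",
    "microsoft.outlook.Calendar.NotificationsEnabled.UserChangeAllowed",
}
APP_VALUES = ("Allow", "Block", "Block Org Data")
ACP_VALUES = ("Not Configured", "Allowed")


def outlook_exposure(app_value="Allow", acp_calendar="Not Configured"):
    """Return (mail_exposed, calendar_exposed) for Outlook, following the table."""
    if app_value not in APP_VALUES or acp_calendar not in ACP_VALUES:
        raise ValueError(f"unknown setting: {app_value!r} / {acp_calendar!r}")
    if app_value != "Block Org Data":
        # Allow is the default, and Outlook ignores Block, so both stay exposed.
        # Assumption: rows absent from the table (e.g. Allow + Allowed) behave the same.
        return True, True
    return False, acp_calendar == "Allowed"


def lint_policy(policy):
    """Return a sorted list of findings for one policy dict."""
    app = policy.get("app_org_data_notifications", "Allow")
    acp = policy.get("acp_calendar_notifications", "Not Configured")
    mail, calendar = outlook_exposure(app, acp)
    findings = []
    if app == "Block":
        findings.append("APP 'Block' is ignored by Outlook; use 'Block Org Data'")
    if mail:
        findings.append("mail notifications expose sensitive data")
    if calendar:
        findings.append("calendar notifications expose sensitive data")
    for key in DEPRECATED_KEYS & set(policy.get("acp_keys", {})):
        findings.append(f"deprecated ACP key still set: {key}")
    return sorted(findings)


# Constructed sample inventory (not real tenant data).
SAMPLE = [
    {"name": "legacy-ios", "app_org_data_notifications": "Block",
     "acp_keys": {"microsoft.outlook.Mail.NotificationsEnabled": "false"}},
    {"name": "exec-phones", "app_org_data_notifications": "Block Org Data",
     "acp_calendar_notifications": "Allowed"},
    {"name": "locked-down", "app_org_data_notifications": "Block Org Data"},
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p["name"], lint_policy(p) or "no findings")
```

The first sample policy shows the case the table warns about: a policy set to Block still leaves both notification types exposed in Outlook.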

 

We hope you will enable this new APP setting in your deployments once it releases in December. If you have any questions, please let us know.

 

Ross Smith IV
Principal Program Manager
Customer Experience Engineering
