LogoLogo
Provectus Technologies GmbH
  • Introduction
    • Secure Contacts App (SCA) - Safe & GDPR Compliant
    • Technical / Security Overview
    • Editions
    • Requirements
  • Quickstart Guide
    • iOS (MAM) - Steps to activate SCA in your Entra Tenant
      • Step 1 -MAM- Register Enterprise App
      • Step 2 -MAM- Add App Protection Policy
      • Step 3 -MAM- Add Conditional Access Policy
      • Step 4 -MAM- Add App Configuration Policy
    • iOS (Intune Managed Device) - Steps to activate SCA in your Entra Tenant
      • Step 1 -MDM- Register Enterprise App
      • Step 2 -MDM- Add App Protection Policy
      • Step 3 -MDM- Add Conditional Access Policy
      • Step 4 -MDM- Add App Configuration Policy
    • Android (Android Enterprise) - Steps to activate SCA in your Entra Tenant
      • Step 1 -AE- Register Enterprise App
      • Step 2 -AE- Add App Configuration Policy
    • Android (aMAM) - Steps to activate SCA in your Entra Tenant
      • Step 1 -aMAM- Register Enterprise App
      • Step 2 -aMAM- Add App Configuration Policy
      • Step 3 -aMAM- Add App Protection Policy
      • Step 4 -aMAM- Add Conditional Access Policy
    • Additional Datasource for SCA
    • Best-Practice Guide for SCA
  • Enduser guide
    • iOS - Onboarding SCA
    • iOS - activate Caller Identification
    • iOS - Userguide
    • iOS - App Manual
      • Contacts page
      • Contacts Sync
      • Contact information
      • Contact settings menu
      • Side menu
      • Logviewer
      • Help menu
      • vCard
    • Android Enterprise - Userguide
  • Documentation
    • Authentication
      • Enterprise Application
      • Conditional Access
        • CA with SCA - Require Complaint Device
        • SCA with CA - Require App Protection Policy
    • Deployment SCA
      • iOS - App Installation
      • Android - App Installation
      • App Configuration
        • iOS - MobileDeviceManagement (MDM) protocol
        • Android - App Restrictions
        • AppConfigurationPolicies
          • iOS - App Configuration Policies - MAM Integration in Microsoft Intune
          • Android - App Configuration Policies - MDM Integration in Microsoft Intune
      • App Protection Policy - Integration in Microsoft Intune
        • APP - unmanaged Devices
        • APP - managed Devices
        • Requirement - Open phone-settings
        • Requirement - Open Maps app
        • Requirement - Open GoogleMaps app
        • Requirement - Open WebExTeams
        • Requirement - Open WhatsApp
        • Requirement - Open Facetime
        • Requirement - Open email-link from SCA in Outlook
      • Deployment for your Devices in Intune
        • Deployment iOS - MAM-WE - APP only
        • Deployment iOS MDM - Managed & Complaint Device
        • Deployment iOS MDM - Managed Device & APP
        • Deployment Android MDM - Managed Device
    • App Configuration Policy -Name/Values for SCA
      • SCA Configuration - SecContacts.Defaults
      • SCA Configuration - SecContacts.Licenses
      • SCA Configuration - AAD filters
      • SCA Configuration - AAD groups
      • SCA Configuration - Connect additional Datasource
      • SCA Configuration - Custom Datasource Names
      • SCA Configuration - CI Customization
    • Data Sources
      • AAD - Azure Active Directory
      • GAL - Global Address List
      • APC - Personal Outlook Contacts
      • D365 - Dynamics 365
      • DVRS - Dataverse
      • ABS - Azure Blob Storage
      • SMC - Shared Mailbox Contacts
    • Valid phone numbers for SCA
    • iOS and Android version of SCA in comparison
  • Additional Information
    • Troubleshooting
    • Frequently Asked Questions (FAQ)
    • Phone number handling defaults changed in release v2.0.19
    • Links
    • Product Page - Secure Contacts App
Powered by GitBook
On this page

Was this helpful?

  1. Additional Information

Frequently Asked Questions (FAQ)

Question
Answer

What Intune policies are essential to set up SCA?

The Intune policies for SCA depend on the devices you use in your company. For the essential setup, only 2 Intune Policies & Conditional Access are needed! More deployment scenarios are possible and discribed in the Adminguide.

What does the starter package include specifically?

The starter package does include an onboarding of SCA in your Azure-Tennant. For an offer dedicated for your needs, contact us.

What are the additional costs if I connect CRM systems, for example?

It depends on the system to be connected and the effort to implement. We have had good experience with SAP & Salesforce.

Is there a user manual for user onboarding??

See Onboarding SCA, contact us, for a detailed user manual dedicated for your configuration.

Can I manage the SCA with other MDM solutions (other than Intune)??

SCA was developed with Microsoft Intune and uses the security features, e.g., App Protection Policy and Conditional Access provided by Microsoft. Other MDM providers are possible. Contact us!

Can I centrally manage the default settings for functions, or can the users decide for themselves?

Almost all functions can be managed centrally via App Configuration Polices via Intune. You can define if a dedicated function is available to the user or not.

For functions that the user can set themselves in the app, can the initial default setting, be controlled centrally?

The app can also be managed for different user groups within a customer tenant with individual configuration policies. E.g., dedicated users can use other functions than people on site.

What deployment scenarios are you offering?

We offer 3 deployment scenarios for Intune: 1) Managed Device (MDM)*: Corporate devices with MDM management App configuration policy (Managed devices)

Optional:

Compliance Policy

Conditional Access (Require a compliant device).

2) Managed Device with App Protection: Corporate devices incl. App Protection Policy

  • App Configuration Policy (Managed devices)

  • App Protection Policy (Managed devices)

  • Conditional Access Policy (Require App Protection Policy).

3) Unmanaged for BYOD (MAM-WithoutEnrollment): Private devices or corporate devices without MDM management.

  • App Configuration Policy (Managed Apps)

  • AppProtection (Unmanaged Devices)

  • Conditional access (App protection policy required)

Which apps on the endpoint are affected by the configuration of Conditional Access or App Protection Policies?

Since for Conditional Access, we need to use Office 365 as a cloud app if you use the grant "Require App Protection Policy" Be Aware: All Office Apps, you will need to logon with an Azure-Account on your device are affected by this configuration! For example, Outlook, Teams, OneDrive etc. have to be configured with App Protection Policies in Intune.

How does the integration of e.g., Exchange contacts work?

If Exchange Online is used, all "Exchange contacts" of the user are automatically synchronized in the app > Data source (APC)

How does the SCA handle duplicate contacts with different spellings? Contacts exist simultaneously in different systems, like Outlook or a CRM how does SCA handle this?

For two contacts to be merged into one, the first and last name must be spelled identically and at least one phone number or email address must be identical.

How does caller identification work?

The app uses Apple's iOS Call Kit feature to block and identify calls. The phone numbers to be identified or blocked are manged by the SCA extension Call Directory before an incoming call and stored by the operating system and hidden from all other apps on the phone. When the phone receives an incoming call, the system checks the user's local contacts for a matching phone number. If no match is found, the system uses the SCA extension Call Directory to find a matching entry in order to identify the incoming phone number.

How data encrypted in the Secure Contacts App on the phone and in transit?

App data at rest

The app stores all data in an encrypted SQLite database with an AES256 cipher.

The cryptography key is randomly generated when the app is first launched using Microsoft's RNGCryptoServiceProvider. The key is securely stored in the device's local iOS key chain.

The SCA app container itself is secured by MS Intune App Protection.

In this way, neither another app nor the operating system itself can view or modify the stored data.

App data in transit

The app communicates only with the MS Azure cloud.

Primarily with Graph API and the Azure Authentication Endpoint, optionally with Azure Blob Storage and Azure Dataverse.

All API calls or transactions are made over HTTPS with Transport Layer Security (TLS). After SSL handshake negotiation, SCA and Azure API endpoints use the strongest encryption algorithm available on both sides.

SCA does NOT collect telemetry data or connect to endpoints other than MS Azure Cloud.

How does the SCA handle duplicate contacts with different spellings?

Contacts exist simultaneously in different systems, like Outlook or a CRM how does SCA handle this for two contacts to be merged into one, the first and last name must be spelled identically and at least one phone number or email address must be identical.

Can contacts be customized by the user in the app?

Users can't change contacts within SCA. It is only possible for the user to create, edit or delete new Outlook contacts in Outlook. Changes are shown with a resync of the contacts in the app by swiping down on the contact screen. Customization of Outlook Contacts within the app is on the roadmap for Q2 in 2023.

Last updated 8 months ago

Was this helpful?