Frequently Asked Questions (FAQ)

What Intune policies are essential to set up SCA?

The Intune policies for SCA depend on the devices you use in your company. For the essential setup, only 2 Intune Policies & Conditional Access are needed! More deployment scenarios are possible and discribed in the Adminguide.

What does the starter package include specifically?

The starter package does include an onboarding of SCA in your Azure-Tennant. For an offer dedicated for your needs, contact us.

What are the additional costs if I connect CRM systems, for example?

It depends on the system to be connected and the effort to implement. We have had good experience with SAP & Salesforce.

Is there a user manual for user onboarding??

See Onboarding SCA, contact us, for a detailed user manual dedicated for your configuration.

Can I manage the SCA with other MDM solutions (other than Intune)??

SCA was developed with Microsoft Intune and uses the security features, e.g., App Protection Policy and Conditional Access provided by Microsoft. Other MDM providers are possible. Contact us!

Can I centrally manage the default settings for functions, or can the users decide for themselves?

Almost all functions can be managed centrally via App Configuration Polices via Intune. You can define if a dedicated function is available to the user or not.

For functions that the user can set themselves in the app, can the initial default setting, be controlled centrally?

The app can also be managed for different user groups within a customer tenant with individual configuration policies. E.g., dedicated users can use other functions than people on site.

What deployment scenarios are you offering?

We offer 3 deployment scenarios for Intune: 1) Managed Device (MDM)*: Corporate devices with MDM management App configuration policy (Managed devices)

Optional:

Compliance Policy

Conditional Access (Require a compliant device).

2) Managed Device with App Protection: Corporate devices incl. App Protection Policy

• App Configuration Policy (Managed devices)

• App Protection Policy (Managed devices)

• Conditional Access Policy (Require App Protection Policy).

3) Unmanaged for BYOD (MAM-WithoutEnrollment): Private devices or corporate devices without MDM management.

• App Configuration Policy (Managed Apps)

• AppProtection (Unmanaged Devices)

• Conditional access (App protection policy required)

Which apps on the endpoint are affected by the configuration of Conditional Access or App Protection Policies?

Since for Conditional Access, we need to use Office 365 as a cloud app if you use the grant "Require App Protection Policy" Be Aware: All Office Apps, you will need to logon with an Azure-Account on your device are affected by this configuration! For example, Outlook, Teams, OneDrive etc. have to be configured with App Protection Policies in Intune.

How does the integration of e.g., Exchange contacts work?

If Exchange Online is used, all "Exchange contacts" of the user are automatically synchronized in the app > Data source (APC)

How does the SCA handle duplicate contacts with different spellings? Contacts exist simultaneously in different systems, like Outlook or a CRM how does SCA handle this?

For two contacts to be merged into one, the first and last name must be spelled identically and at least one phone number or email address must be identical.

How does caller identification work?

The app uses Apple's iOS Call Kit feature to block and identify calls. The phone numbers to be identified or blocked are manged by the SCA extension Call Directory before an incoming call and stored by the operating system and hidden from all other apps on the phone. When the phone receives an incoming call, the system checks the user's local contacts for a matching phone number. If no match is found, the system uses the SCA extension Call Directory to find a matching entry in order to identify the incoming phone number.

How data encrypted in the Secure Contacts App on the phone and in transit?

App data at rest

The app stores all data in an encrypted SQLite database with an AES256 cipher.

The cryptography key is randomly generated when the app is first launched using Microsoft's RNGCryptoServiceProvider. The key is securely stored in the device's local iOS key chain.

The SCA app container itself is secured by MS Intune App Protection.

In this way, neither another app nor the operating system itself can view or modify the stored data.

App data in transit

The app communicates only with the MS Azure cloud.

Primarily with Graph API and the Azure Authentication Endpoint, optionally with Azure Blob Storage and Azure Dataverse.

All API calls or transactions are made over HTTPS with Transport Layer Security (TLS). After SSL handshake negotiation, SCA and Azure API endpoints use the strongest encryption algorithm available on both sides.

SCA does NOT collect telemetry data or connect to endpoints other than MS Azure Cloud.

How does the SCA handle duplicate contacts with different spellings?

Contacts exist simultaneously in different systems, like Outlook or a CRM how does SCA handle this for two contacts to be merged into one, the first and last name must be spelled identically and at least one phone number or email address must be identical.

Can contacts be customized by the user in the app?

Users can't change contacts within SCA. It is only possible for the user to create, edit or delete new Outlook contacts in Outlook. Changes are shown with a resync of the contacts in the app by swiping down on the contact screen. Customization of Outlook Contacts within the app is on the roadmap for Q2 in 2023.