
Bypass Microsoft Data Protection Policies on iOS

08 Dec 2024


If your organization uses Microsoft Intune with Mobile Application Management (MAM) policies, you probably face some restrictions when using Microsoft applications such as Outlook or Teams, even on personal devices.


These restrictions include requiring a PIN on app launch, blocking copying and pasting text to unmanaged applications, and blocking file sharing outside the managed applications. Here is a more complete list of Intune app management capabilities.


If you try copying text from a managed Teams application to, say, the Notes app, you will come across a message like this:

Your organization's data cannot be pasted here.

Amusingly, while copying and pasting text is disabled, taking screenshots is not. Combined with the Live Text feature on iOS, which allows you to copy text directly from a photo, this makes it trivial to bypass the restriction.

Another interesting scenario happens when you have an unmanaged account in the application alongside the account your organization manages. If the last account you left active is an unmanaged one, the app won't even ask you for your PIN on the next app launch, or when switching to the managed account.