How to restrict saving/sharing documents and attachments on iCloud drive? 

Description

With usage of mobile devices becoming exponentialluy huge in organizations, data security is now becoming paramount. In case of iOS devices, there are chances of the confidential corporate documents/attachments shared to the users, getting saved on iCloud drive app, a third-party cloud service. This is not ideal in case of data security. MDMP MSP lets you completely disable iCloud drive app or certain features as explained below: 

Steps

Restrict/Disabling iCloud drive app

  • On your MDMP MSP server, click on Device Mgmt and select Profiles from the left menu.
  • Click on Create Profile and select iOS from the dropdown. Select Restrictions from the available list of policies.
  • To restrict sharing of documents to iCloud Drive, go to the Security module and disable sharing of data from managed apps to unmanaged apps. It is to be noted this restriction gets applied to all unmanaged apps(apps not distributed via MDMP MSP) including iCloud.
  • To restrict iCloud services completely, go to Advance Security module and disable further addition/modification of accounts to the device. This effectively restricts not only iCloud account addition but addition of other accounts as well. However, you can still add these accounts via MDMP MSP. For adding an E-mail account, you can utilize the E-mail policy. Instead of adding Apple account to install apps, you can choose to silently install them without adding/requiring an Apple account.
  • To restrict certain features of the iCloud services (in case of personal devices), you can utilize the dedicated iCloud module. Here, you can choose to restrict specific features such as data/document syncing, device back up etc.,
  • Once done, save and publish the profile. You can then distribute it to devices and/or groups.

Alternatives to iCloud drive

  • You can use ME MDM app which can be used as the only for accessing e-mail attachments as explained here.
  • You can use Content Management module, present in MDMP MSP to confidentially and securely share the documents to managed devices.
  • For securing downloads from a website, you can configure Managed Web Domains, which ensures any download from a specific set of websites can always be accessed only using ME MDM app.