Technology and data security

Managing your business contacts in compliance with data protection regulations

The Secure Contacts app enables the management of business contacts on a smartphone in compliance with data protection regulations. Full integration with Microsoft Intune protects personal data and prevents synchronization with third-party apps such as WhatsApp, Google, etc. Users don’t have to store and maintain a single business contact on their own device.

All business data from the company address book, the personal Outlook address book, and customer data from any CRM systems or other sources are available in the app and managed centrally. The app acts as a protected and encrypted container that prevents unintentional data loss to third parties.

All the features at a glance

Safety & privacy

GDPR-compliant

Prevent uncontrolled loss of contact data by apps with access to the device’s phonebook (e.g., WhatsApp).

Encryption

256-bit AES encryption of data

Central MDM integration

(e.g. Microsoft Intune) with granular policies and differentiated user group management.

Control over the data

No storage of data in iCloud or local backups and deletion in case of:
• Loss of the device
• Leaving the company
• Suspicious behavior

Protection against data leakage and loss

In case of device loss or job change.

Extended security features

Such as anonymous calls, vacation mode, and out-of-office status display.

Usability & management

All contacts in one app

Company address book, Outlook, GAL, CRM systems (Dynamics 365, Salesforce, HubSpot), Azure Dataverse & more.

Intelligent caller identification (Caller ID)

And automated data maintenance with duplicate consolidation.

Outlook integration

Create, edit, and delete contacts directly in the app.

QR & vCard support

For quickly adding new contacts including multiple vCard management.

Telephony & messenger integration

Microsoft Teams functions

Status display, calls, and chats directly from the app.

User-friendliness & customization

Modern UI with tab navigation, notes function, Siri & CarPlay support, and corporate identity customization.

Architecture

Security concept

The app’s security concept is based on two components: data is encrypted within the app, and a security configuration is applied to the app via Microsoft’s UEM system, Endpoint Manager (Intune), and the Microsoft Authentication Library (MSAL) in combination with the Intune SDK.

Data sources

The Secure Contacts app is a cloud-native application, meaning it receives all contact information from your Azure tenant. Primary data sources are Azure Active Directory (AAD) and the Global Address List (GAL). In addition, the app receives contact information from the user’s personal Outlook contacts (APC, Exchange Online only). As of Version 3, these Outlook contacts can be created, edited, and deleted directly in the app. Contacts can also be added via QR codes or vCards, including support for multiple vCards. Optional data sources include Dynamics 365 (D365), MS Dataverse (DVRS), and Azure Blob Storage (ABS), which require additional configuration in the customer’s Azure tenant.

App data in transit

The app communicates only with the MS Azure Cloud: primarily with the Graph API and the Azure Authentication Endpoint, and optionally with Azure Blob Storage and Azure Dataverse. All API calls and transactions are made via HTTPS with Transport Layer Security (TLS). After the TLS handshake, the Secure Contacts app and the Azure API endpoints use the strongest encryption algorithm available on both sides. The app does not collect telemetry data in the process, nor does it connect to any endpoints other than the MS Azure Cloud.

App data at rest

The Secure Contacts app stores all data in a SQLite database with AES-256 encryption. The cryptographic key is randomly generated using Microsoft’s RNGCryptoServiceProvider when the app is first launched and is then stored securely in the device’s local iOS Keychain. The app container itself is secured by MS Intune app protection. As a result, neither another app nor the operating system itself can view or modify the stored data.

Microsoft Intune

In addition to security features, the Secure Contacts app also integrates the Microsoft Intune SDK. This enables control of functions through Microsoft App Protection Policies.

These include, among others, the following functions:

  • Secure access via app PIN or biometric factors

  • App data encryption

  • Control of data flow:

    • Control of the OpenIn function: in which apps is OpenIn allowed?

    • Control of copy/paste: in which apps is copy/paste allowed?

    • Control of links: in which apps can calls, emails, or chats be initiated, and which web browser should be used?

  • Control of usable integrations: e.g., release or restriction of CarPlay and Siri functionalities (CPE).

  • Access control when printing data

  • Selective deletion of app data, e.g., in case of device loss
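
An administrator can check that the policy assigned to the app actually enforces the controls listed above. The following is an added example, not vendor code: it audits an exported iOS app protection policy, using property names from the Microsoft Graph `iosManagedAppProtection` resource. The accepted values, the 30-day wipe threshold and both sample policies are assumptions constructed for illustration.

```python
import re

# (Graph property, accepted values, control from the list above)
BASELINE = [
    ("pinRequired", {True}, "access via app PIN or biometrics"),
    ("appDataEncryptionType",
     {"afterDeviceRestart", "whenDeviceLockedExceptOpenFiles", "whenDeviceLocked"},
     "app data encryption"),
    ("allowedOutboundDataTransferDestinations", {"managedApps", "none"}, "OpenIn"),
    ("allowedOutboundClipboardSharingLevel",
     {"managedAppsWithPasteIn", "managedApps", "blocked"}, "copy/paste"),
    ("managedBrowserToOpenLinksRequired", {True}, "browser used for links"),
    ("printBlocked", {True}, "printing"),
    ("dataBackupBlocked", {True}, "iCloud and local backups"),
    ("contactSyncBlocked", {True}, "sync to the native contacts app"),
]
MAX_OFFLINE_WIPE_DAYS = 30  # assumed threshold, not a vendor recommendation

def audit(policy):
    """Return (property, actual value, control) for every setting outside the baseline."""
    findings = []
    for prop, accepted, control in BASELINE:
        actual = policy.get(prop)  # a missing property counts as a finding
        if actual not in accepted:
            findings.append((prop, actual, control))
    # The offline wipe interval is an ISO 8601 duration such as "P90D".
    raw = policy.get("periodOfflineBeforeWipeIsEnforced")
    match = re.fullmatch(r"P(\d+)D", raw or "")
    if match is None or int(match.group(1)) > MAX_OFFLINE_WIPE_DAYS:
        findings.append(("periodOfflineBeforeWipeIsEnforced", raw,
                         "selective wipe of devices that stop checking in"))
    return findings

# Constructed sample: a permissive policy and a hardened variant of it.
WEAK_POLICY = {
    "pinRequired": True, "appDataEncryptionType": "useDeviceSettings",
    "allowedOutboundDataTransferDestinations": "allApps",
    "allowedOutboundClipboardSharingLevel": "allApps",
    "managedBrowserToOpenLinksRequired": False, "printBlocked": False,
    "dataBackupBlocked": False, "contactSyncBlocked": False,
    "periodOfflineBeforeWipeIsEnforced": "P90D",
}
HARDENED_POLICY = {
    **WEAK_POLICY, "appDataEncryptionType": "whenDeviceLocked",
    "allowedOutboundDataTransferDestinations": "managedApps",
    "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
    "managedBrowserToOpenLinksRequired": True, "printBlocked": True,
    "dataBackupBlocked": True, "contactSyncBlocked": True,
    "periodOfflineBeforeWipeIsEnforced": "P30D",
}

if __name__ == "__main__":
    for prop, actual, control in audit(WEAK_POLICY):
        print(f"{prop}={actual!r} weakens: {control}")
```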

 

Authentication

Authentication is based on the current Microsoft Authentication Library (MSAL) in combination with the Intune SDK, which supports modern security mechanisms such as Face ID. It is used to log in with a work, school, or university account to the Microsoft Azure AD Enterprise App “Provectus – Secure Contacts.” The user IDs used for login can be found in your tenant.

The configuration of Azure AD account security (passwords, authentication factors, etc.) is carried out by you. You decide which security configuration is applied to user accounts.

Microsoft Conditional Access is used to control which devices can use the app. For example, it can be specified that the app may only be used on company-owned, MDM-managed, or personal devices. The configuration of Microsoft Conditional Access policies is also carried out by the customer. You decide which access is allowed or denied.

Try it now

30 DAY FREE TRIAL LICENSE—FULL RANGE OF FEATURES WITH NO OBLIGATION

Request your free trial license with the full range of features and convince yourself of the benefits for your daily work.


FAQ: Frequently Asked Questions

Data structure & how it works
Data model
Features
Requirements

The Secure Contacts app processes the following contact information:

• First and last name
• Company name
• Position/job title
• All stored email addresses
• All stored phone numbers
• Profile photos
• Contact GUID
• Data source name/ID/priority
• Hash ID

The resync process starts when the app is launched for the first time or when the user performs pull-to-update. During the resync, the app queries all configured data sources the user is authorized for. It then analyzes each received contact, removes duplicates, merges contacts from different data sources and, if possible, standardizes each phone number to the international format (ITU-T E.164). After that, the contact data is encrypted and stored in the local SQLite Cipher database. The next time the app is started, the contact data is loaded from the database.
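
The merge and standardization steps described above can be sketched as follows. This is an added example, not the app's own code: matching duplicates by e-mail address, treating a lower priority value as the preferred source, the `00` international prefix and the default country code `49` are all assumptions, and the sample records are constructed.

```python
import re

DEFAULT_CC = "49"  # assumption: country code applied to national-format numbers

def to_e164(raw, default_cc=DEFAULT_CC):
    """Return raw as an E.164 string, or None when it cannot be standardized."""
    s = re.sub(r"[\s().\-/]", "", raw.replace("(0)", ""))
    if s.startswith("+"):
        digits = s[1:]
    elif s.startswith("00"):            # assumed international dialling prefix
        digits = s[2:]
    elif s.startswith("0"):             # national trunk prefix
        digits = default_cc + s[1:]
    else:
        return None                     # no prefix: do not guess a country
    if not digits.isdigit() or len(digits) > 15 or digits[0] == "0":
        return None
    return "+" + digits

def merge_contacts(records):
    """Merge records sharing an e-mail address; the lowest 'priority' wins the name."""
    merged = {}
    for rec in sorted(records, key=lambda r: r["priority"]):
        key = rec["email"].strip().lower()
        entry = merged.setdefault(
            key, {"name": rec["name"], "email": key, "sources": [], "phones": []})
        entry["sources"].append(rec["source"])
        for raw in rec["phones"]:
            phone = to_e164(raw) or raw.strip()  # keep the original if not standardizable
            if phone not in entry["phones"]:
                entry["phones"].append(phone)
    return list(merged.values())

# Constructed sample records (fictitious contact and numbers).
SAMPLE = [
    {"source": "CRM", "priority": 2, "name": "A. Example",
     "email": "Alex@Example.com", "phones": ["030 / 123456", "0171 5550100"]},
    {"source": "AAD", "priority": 1, "name": "Alex Example",
     "email": "alex@example.com", "phones": ["+49 (0)30 123456", "ext. 12"]},
]

if __name__ == "__main__":
    for contact in merge_contacts(SAMPLE):
        print(contact)
```

Standardizing before storage means the same number written three different ways collapses to one entry, so a caller-identification lookup has a single canonical key to match.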

The Secure Contacts app uses Apple’s iOS CallKit blocking & identification feature. Before an incoming call, the phone numbers needing identification are loaded from the Call Directory extension and stored by the operating system hidden from all other apps on the phone. When the phone gets an incoming call, the system first searches the user’s local contacts to find a matching phone number. If no match is found, the system then searches the Secure Contacts app’s caller directory to find a matching caller identification entry.

If configured, the Secure Contacts app uses the Graph API to periodically query the status of MS Teams. To do this, it sends the GUID of each contact originating from Azure Active Directory (AAD) to the Graph API and then retrieves the status information. This information is then included in the current view of the application. Depending on the current view, the query interval is between 20 and 60 seconds. The application stops querying the status of MS Teams when it is running in the background.

• Azure Active Directory Premium P1 (or higher)
• Exchange Online P1 (or higher)
• Microsoft Intune

• iPhone with iOS 15 or later
• iPad with iOS 15 or later