A new bug was discovered in Apple’s FaceTime app that gives the caller the ability to listen to the other device, and even watch its video, without the call being approved. This vulnerability does not give access to corporate data or personal information, but it has more consequences on a personal level.
Even though Apple temporarily switched the service off and seems to have solved the problem via a future software update, there are some actions you can take if you want to avoid trouble.
You can manually turn off the FaceTime app on iOS and macOS. But can we block this kind of app in an enterprise environment? Yes, you can block the FaceTime app on all devices by deploying a device configuration profile with Microsoft Intune. This post will show you how to block the built-in Apple FaceTime app with Microsoft Intune.
Note that you can deploy this profile to supervised iOS devices and to BYOD devices as well.
- To block the Apple FaceTime app with Intune, navigate to https://portal.azure.com and click on Intune
- Click on Device Configuration and Create Profile
- Type a Name for the policy and select iOS as the platform
- Choose Settings then Built-in Apps, change the FaceTime switch to Block and click OK, OK and Save
You have created the profile; it is now time to assign it to a group of people or to all users. First of all, make sure you test your profile on a test device before rolling it out at large.
- Select Assignments and choose Select groups to deploy to a specific group, or deploy your policy to all users
- Once you’ve assigned the profile, click on Save
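The same create-and-assign procedure can be scripted, which makes the pilot rollout repeatable. The following is an added example, not part of the original post: it uses the Microsoft Graph PowerShell SDK (`Microsoft.Graph.Authentication` module) and assumes a profile name and a pilot group object ID that are placeholders you must replace with your own.

```powershell
#Requires -Modules Microsoft.Graph.Authentication
# Added example: scripted equivalent of the portal steps above.
# Assumptions: $ProfileName is a name chosen for illustration, and
# $TestGroupId is a placeholder for your own pilot group's object ID.
$ProfileName = 'iOS - Block FaceTime'
$TestGroupId = '00000000-0000-0000-0000-000000000000'
$BaseUri     = 'https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations'
$IosType     = '#microsoft.graph.iosGeneralDeviceConfiguration'

Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'

# Look for an existing profile with this name so reruns do not create duplicates.
# Follows @odata.nextLink so tenants with many profiles are fully searched.
$config = $null
$uri    = $BaseUri
while ($uri -and -not $config) {
    $page   = Invoke-MgGraphRequest -Method GET -Uri $uri
    $config = $page.value |
        Where-Object { $_.displayName -eq $ProfileName -and $_.'@odata.type' -eq $IosType } |
        Select-Object -First 1
    $uri    = $page.'@odata.nextLink'
}

# Create the iOS device restriction profile with the FaceTime block enabled.
if (-not $config) {
    $body = @{
        '@odata.type'   = $IosType
        displayName     = $ProfileName
        description     = 'Blocks the built-in FaceTime app'
        faceTimeBlocked = $true
    } | ConvertTo-Json -Depth 5
    $config = Invoke-MgGraphRequest -Method POST -Uri $BaseUri -Body $body -ContentType 'application/json'
}

# Assign to the pilot group only. The assign action REPLACES the profile's
# current assignment list, so include every group that should keep it.
$assign = @{
    assignments = @(
        @{ target = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = $TestGroupId } }
    )
} | ConvertTo-Json -Depth 5
Invoke-MgGraphRequest -Method POST -Uri "$BaseUri/$($config.id)/assign" -Body $assign -ContentType 'application/json' | Out-Null

# Read back the setting and the assignment targets to confirm what was deployed.
$check   = Invoke-MgGraphRequest -Method GET -Uri "$BaseUri/$($config.id)"
$targets = (Invoke-MgGraphRequest -Method GET -Uri "$BaseUri/$($config.id)/assignments").value
"Profile {0}: faceTimeBlocked={1}, assigned groups={2}" -f $check.id, $check.faceTimeBlocked, ($targets.target.groupId -join ',')
```

Once the pilot device shows the expected behavior, add the production groups to the `assignments` array and rerun the script.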
What will happen when the policy is applied
When Apple deploys the patch in the future, update your iOS devices before re-enabling the Apple FaceTime app. You can manage operating system versions with Intune by using a compliance policy or app protection policy that sets a minimum version, which forces users to upgrade their devices.
You can also configure iOS update policies in Intune for supervised devices.