How to configure automatic Contact Syncing from Microsoft Outlook to the native Contacts App including Contact Fields filtering on iOS and Android BYOD devices with Microsoft Endpoint Manager

After companies apply Mobile Application Management (MAM) / App Protection Policies to their employees’ mobile devices, and forced them to use the Managed Outlook app instead of the native mail application, one of the most frequently asked questions are “how can I see who’s calling me?” and “where are my contacts? I don’t see them in my native contacts app”. This has everything to do with the fact that contacts are now in a “isolated/secured app container” and not accessible by other non-managed / secured applications.
Within an App Protection policy you can Allow contact sync with the native contacts application so users can see who’s calling again, but it’s still a manual step the end user has to do. Most of the time, this end user will call the support desk for it which causes quite a load on that department after such an implementation.
Sometimes companies are also worried about syncing contacts from the Managed Outlook application to the native unsecured Contacts application, this partly because they are afraid of data leaks and the fact that other non-managed applications can have access to the contacts that are synced to the native unsecured Contacts application.
Fortunately, with a separate App Config policy, you can force Contact Sync for the end user, so users don’t have to call the support desk anymore, and you can limit the Contact fields that may be synchronized to the native Contacts application, for example; only name and phone number and block all other information from syncing. This to possibly limit the damage in case of a data leak, and on the other hand, keep it workable for the end user.
The good news is that you can apply this policy even to devices that you are not managing with an MDM profile. This works on a BYOD device with only an MAM profile as well.
I will show you step-by-step in this blog post how to configure this App Config policy, and I will also show you the end user experience.
Current environment
Before we start I will tell you something about my environment and how I will test the results. For this blog/demo I have created a new test user that will configure Microsoft Outlook on his iPad for the first time. This iPad is NOT under management of Microsoft Endpoint Manager. In the Microsoft Endpoint Manager environment, an App protection policy is created as shown in the below screenshot.

In this App Protection policy Sync app with native contacts app is set to Allow . This policy is assigned to the new test user.

I have logged to the Outlook web-interface with this test user and created a new Contact. Note that I have also filled in the Company name, Business address and Notes fields.
Create the App Configuration Policy
For the next steps, login to the Microsoft Endpoint Manager admin center

Navigate to Apps > App configuration policies

Click the...