Vulnerability iOS Microsoft Office Security - No Pin Required

SOLVED
Go to solution
Highlighted
Contributor

Vulnerability iOS Microsoft Office Security - No Pin Required

Does this vulnerability sound like it should not be fixed? It's been present since day 1...

 

  • If you have Box Mobile App installed and a Pin is enforced, your data is protected by pin every time you launch the app.
  • If you install iOS Excel or Word and then sign into the application/authorize, anytime you launch word or Excel, you are not prompted to sign in again and there is no passcode enforced on either of those apps. They have full access to all documents in your Box account.
  • Box Device Trust and EMM will not enforce or protect this either and is easily bypassed since this is an Application Integration, you don't even need Box Mobile installed for the integration. It's purely through Word/Excel.
  • The only work around is to disable the Office Mobile Integration in the Admin console and instead force the "open with Excel/Word" option from with the Box Mobile App. This however is not perfect since you cannot create any new documents or spreadsheets. You can only duplicate an existing one and rename it since Box App doesn't support creation of new content in Word/Excel from the Box Mobile app.

https://pulse.box.com/forums/909778-feedback/suggestions/36642781-fix-ios-microsoft-office-security-...

 

2 REPLIES 2
Contributor

Re: Vulnerability iOS Microsoft Office Security - No Pin Required

I guess inTune is the only way to enforce this.

Contributor

Re: Vulnerability iOS Microsoft Office Security - No Pin Required

Actually inTune can't fix this issue either. It's an open HOLE.