2.6.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'

Information

This recommendation pertains to whether a message can be moved from an institutionally configured mail account to an end-user configured mail account. It also limits forwarding or replying from a different account than that from which the message originated.

NOTE: This recommendation only applies if an institutionally configured mail account resides on the device.

Rationale:

Permitting the movement of messages from a managed email account to an unmanaged email account may result in data leakage.

Solution

From the Configuration Profile:

Open Apple Configurator.

Open the Configuration Profile.

In the left windowpane, click on the Mail tab.

In the right windowpane, check the checkbox for Allow user to move messages from this account.




Default Value:

Message movement, forwarding, and reply is unrestricted.

See Also

https://workbench.cisecurity.org/files/3064