3.6.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'

Information

This recommendation pertains to whether a message can be moved from an institutionally configured mail account. Also, it limits forwarding or replying from a different account than that which the message originated.

NOTE: This recommendation only applies if an institutionally configured mail account resides on the iOS device.

Rationale:

Permitting the movement of messages from a managed account to an unmanaged account may result in data leakage.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From the Configuration Profile:

Open Apple Configurator.

Open the Configuration Profile.

In the left windowpane, click on the Mail tab.

In the right windowpane, uncheck the checkbox for Allow user to move messages from this account.

See Also

https://workbench.cisecurity.org/files/3064