2.2.1.10 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled'

Information

This recommendation pertains to AirDrop in the context of Apple's managed app implementation.

The terms 'managed' and 'unmanaged' refer to application classifications made through Managed Open In, a feature introduced in iOS 7. Managed Open In provides for data containerization. Institutionally-provisioned applications are designated as managed. Applications elected by the end user are designated as unmanaged.

Rationale:

When AirDrop is allowed as a managed destination, sensitive data may be moved out of the managed application space to an unmanaged device.

Solution

Open Apple Configurator.

Open the Configuration Profile.

In the left window pane, click on the Restrictions tab.

In the right window pane, under the tab Functionality, check the checkbox for Treat AirDrop as unmanaged destination.

Deploy the Configuration Profile.
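The following Python check is an added example, not part of the benchmark or of Apple's tooling: it verifies that an exported .mobileconfig actually carries the setting chosen in the steps above. It assumes the checkbox is stored as the `forceAirDropUnmanaged` key of the Restrictions payload (`com.apple.applicationaccess`); the function names and the sample profile are constructed for illustration.

```python
import plistlib

RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # Restrictions payload type
KEY = "forceAirDropUnmanaged"  # assumed key behind the Configurator checkbox


def load_profile(raw: bytes) -> dict:
    """Parse a .mobileconfig; for a signed profile, extract the embedded XML plist."""
    try:
        return plistlib.loads(raw)
    except Exception:
        # Signed profiles wrap the plist in a CMS envelope; best-effort extraction.
        start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
        if start == -1 or end == -1:
            raise ValueError("no property list found in profile")
        return plistlib.loads(raw[start:end + len(b"</plist>")])


def airdrop_status(raw: bytes) -> str:
    """Return 'compliant', 'non-compliant' or 'no-restrictions-payload'."""
    content = load_profile(raw).get("PayloadContent", [])
    payloads = [p for p in content
                if isinstance(p, dict) and p.get("PayloadType") == RESTRICTIONS_TYPE]
    if not payloads:
        return "no-restrictions-payload"
    # Only an explicit boolean true counts; an absent key means this
    # profile does not apply the setting at all.
    return "compliant" if any(p.get(KEY) is True for p in payloads) else "non-compliant"


def sample_profile(enabled=None, with_restrictions=True) -> bytes:
    """Constructed sample profile (identifiers and UUIDs are placeholders)."""
    restrictions = {"PayloadType": RESTRICTIONS_TYPE, "PayloadVersion": 1,
                    "PayloadIdentifier": "com.example.restrictions",
                    "PayloadUUID": "00000000-0000-0000-0000-000000000001"}
    if enabled is not None:
        restrictions[KEY] = enabled
    return plistlib.dumps({
        "PayloadType": "Configuration", "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.profile",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "PayloadContent": [restrictions] if with_restrictions else []})


if __name__ == "__main__":
    for label, raw in [("enabled", sample_profile(True)),
                       ("disabled", sample_profile(False)),
                       ("key absent", sample_profile(None)),
                       ("signed-like", b"\x30\x82" + sample_profile(True))]:
        print(f"{label}: {airdrop_status(raw)}")
```

Run it against the profile file before deployment by passing the file's bytes to `airdrop_status`; anything other than `compliant` means the profile does not enforce this recommendation.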

Additional Information:

Note that the feature specifically mentions destination and not source. Following this recommendation does not prevent AirDrop connections into the managed application space, only AirDrop connections out of the managed application space.

See Also

https://workbench.cisecurity.org/benchmarks/15548