2.7.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled'

Information

This recommendation pertains to whether a message can be moved from an institutionally-configured mail account to an end user-configured mail account. It also limits forwarding or replying from a different account than the one from which the message originated.

Note: This recommendation only applies if an institutionally-configured mail account resides on the device.

Rationale:

Allowing the movement of messages from a managed email account to an unmanaged email account may result in data leakage.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From the Configuration Profile:

Open Apple Configurator.

Open the Configuration Profile.

In the left window pane, click on the Mail tab.

In the right window pane, check the checkbox for Allow user to move messages from this account.

Default Value:

Message movement, forwarding, and replying are unrestricted.

See Also

https://workbench.cisecurity.org/benchmarks/6168