3.2.1.21 Ensure 'Allow Handoff' is set to 'Disabled'

Information

This recommendation pertains to Apple's Handoff data sharing mechanism.

Rationale:
Handoff does not enforce managed app boundaries. This allows managed app data to be moved to the unmanaged app space on another device, which may result in data leakage.

Solution

1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the Restrictions tab.
4. In the right windowpane, under the tab Functionality, uncheck the checkbox for Allow Handoff.
5. Deploy the Configuration Profile.

Impact:
End-users may be inconvenienced by disabling Handoff on their personal devices.

See Also

https://workbench.cisecurity.org/files/2141