Hi Everyone,
We are trying to explore and assess the security posture for the Jira and Confluence mobile apps. While the apps boost productivity, they introduce risks like data leakage on unmanaged devices.
I’m curious how others are balancing accessibility with compliance.
Specifically:
Mobile App Policies: Are you using Atlassian Guard to enforce biometrics (FaceID/Passcode) and disable screenshots or data exports (e.g., "Open In" restrictions)?
Mobile Browser possible? vs. App: Have you implemented the policy to block mobile browser access to force users into the more secure, managed app environment?
MDM vs. MAM: Do you rely on Atlassian’s native MAM controls, or do you wrap the apps in a third-party solution like Intune?
Regarding past incidents, while Atlassian hasn't had a major "mobile-specific" breach, the risk remains account takeover and unauthorized data downloads.
How are you handling BYOD for these apps?
I also want to understand whether Atlassian is actively adding new features and enhancing security in the app.
I'd love to hear your "lessons learned".
Thanks @david_morse for sharing. Are there any mobile security or product folks from Atlassian who can weigh in on this? I am also curious whether there are active developments on the mobile apps, especially in the area of mobile security and policies. I really want to understand the intended use cases for Jira and Confluence on a small mobile screen.
Our apps Jira, Confluence, and Rovo do support the Intune SDK.
See more here: https://support.atlassian.com/security-and-access-policies/docs/integrate-intune-security-in-a-mobile-app-policy/
If you need more information or help, don't hesitate to contact our support and they'd be happy to answer more questions you have.
You can also browse our security section to see what we do support: https://support.atlassian.com/security-and-access-policies/docs/maintain-secure-access-to-products/
Can we hear from you if you have any customers who are making use of both the Jira and Confluence mobile apps on their BYOD mobile devices that are unmanaged by the enterprise? What are the various considerations from the security, support, productivity and, lastly, manageability perspectives? @Clement
Interesting discussion.
Using MDM with basic app restrictions can reduce risk.
For example, enforce passcode and encryption, and limit actions like copy-paste or downloads.
For BYOD, managed apps are better than full device control.
Would be good to hear real experiences with Atlassian Guard on mobile.