ios12was announced and demonstrated at wwdc, beta started at june 19th and public beta followed at june 25th
since ios 11.3 it is possible to surpress ios update on managed devices – cause you want to test new releases in your infrastructure – ensure that all of your productivity apps running fine with the new version
it is mandatory that those devcies are supervised, setup with apple device enrollment program or enabled with apple configurator
with current emm vendor it is possible to simply enable/disable this value – otherwise configure a profile in apple configurator, either send it via mail or upload to enterprise mobility management suite and deploy remote
This slideshow requires JavaScript.
if your device running ios version below ios 11.3 your able to configure global http proxy – with *.pac file your able to redirect apple update url
restriced access to enterprise contacts … a long journey to find its holy grail in ios 11.3
grant or deny access to your contacts
was introduced in ios 6, since 2012 it is possible to decide which apps is allowed to access your contacts – there were no api to configure the setting in an enterprise environment, block access from apps like facebook, whatsapp, line, viber, path, e.g. to enterprise contacts – with containerization you can restrict enterprise content from unauthorized access, along with usabilitity limitations
allow open documents from unmanaged apps to managed apps
was presented in ios 7 release, since then enterprise management was able to restrict data exchange from untrusted, unsecure, private (unmanaged) to enterprise apps (managed) – apple´s native mail is per default a private app
to separate the private from enterprise accounts inside the mailapp, apple enabled this setting in ios 8 – managed domain remain blue, unmanaged marked as red – mail and web domains respect the “allow open documents from…” restriction to interact with managed apps, except the contacts
ios call kit
announced in ios 10, call kit improves the usability when called and even contacts secured inside a container, the name is resolved and displayed
prevent contacts in managed accounts from being used in unmanaged apps or accounts
finally, apple introduced this feature within ios 11.3 – only managed apps able to access managed contacts, this closes the gap to securely use apple mail in an enterprise environment
ios12 improve contact management since managed open-in restriction to enhance the managed from unmanaged separation for secure byod deployments, payload need to be deployed via mdm
view how to: “managed ios contacts” & “ios managed domains” attached
read: 
madereal - enterprise mobility - innovation 