This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 79%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Hi,
Deploying DEP-enrolled iOS devices via Endpoint.
Specifically looking at the MS Comp Portal app, can it's permissions such as Location be configured in Endpoint? If it's Location preferences are set to "Only While in use" on an iOS device, then that device reports non-compliance. Since this is the most fundamental app, it seems an appropriate app to do this with.
Is anyone aware of any app config policy settings for this?
If it's also possible on other apps, would appreciate that info too.
Am fully aware this is the type of thing Apple say should only be owned by a user, but then again these are corporate devices...
Thanks,
Piers
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 84%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
I have done a lot of research and found it’s possible for some app by using app configuration policies for managed apps that also have an app protection policy applied.
https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-use-ios
Here is a sample with Outlook:
https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune
However, for Company Portal app, there seems to be no such information to configure the permission. Here is the supported token that can be used in XML when configuring the Company Portal app.
Hi CiciWu,
Thanks, we already have the Outlook appconfig in place and working (successfully).
I'd seen the page about the XML, but we've never had a problem with the Portal app, and since there is nothing in there about permissions it didn't seem relevant. I've tested it nonetheless and it's made no difference - all continues to work as before.
I know Apple don't allow apps to force/configure permissions, but wondered since this was MS's own app controlled by MDM, whether there was a way purely for the enterprise? It would not surprise me if not but wanted to ask if anyone knew.
Thanks,
Piers