@Lu Dai-MSFT thanks for your quick response.
That's right, I only deploy the app protection policy to unmanaged iOS devices. Managed iOS devices should stay untouched.
I have to add, that I also deploy a app protection policy for Android, but everything is working like expected there. No problems. The filter for managed and unmanaged is working perfectly fine.
Thanks for the hint with Edge. I didn't know, that I can get more information's with it.
I used to look in Teams and Outlook under "Privacy Settings" to check if a policy is active or not.
If I get it right, than Edge is telling me, that the policy is deployed to all apps on the managed iPhone as well. But if i take a look in the apps, the policy is taking no effect. Only in OneDrive the policy takes effect. It should take effect in non app on the managed iPhone.
Here are the log files.
I assigniert the policy to a group, in which only I am. My user owns three devices, a Windows Laptop, a Android Smartphone and a iPhone. I also use my private iPhone to check the policy on a unmanaged device.
The policy is assigned as follows.
| Group | Group Members | Filter | Filter mode |
| -------- | -------- | -------- | -------- |
| Microsoft Intune - user - Tobias * | 0 devices, 1 users | Filter - iOS Apps - v16 and older unmanaged | Include |
*last Name was removed.
The Policy:
@odata.type : #microsoft.graph.iosManagedAppProtection
displayName : Test - iOS - App protection - Unmanaged Devices - v16 and older
description : Tobias
03.05.2023
Diese Richtlinie schützt Unternehmensdaten auf unmanaged iOS 16 und älter.
createdDateTime : 03.05.2023 06:52:01
lastModifiedDateTime : 13.09.2023 07:55:50
id : T_f58ca6ce-899d-4cab-9337-abe822582bbd
version : "71015e2d-0000-0d00-0000-65016b060000"
periodOfflineBeforeAccessCheck : PT12H
periodOnlineBeforeAccessCheck : PT5M
allowedInboundDataTransferSources : allApps
allowedOutboundDataTransferDestinations : managedApps
organizationalCredentialsRequired : False
allowedOutboundClipboardSharingLevel : managedAppsWithPasteIn
dataBackupBlocked : True
deviceComplianceRequired : True
managedBrowserToOpenLinksRequired : False
saveAsBlocked : True
periodOfflineBeforeWipeIsEnforced : P90D
pinRequired : False
maximumPinRetries : 5
simplePinBlocked : False
minimumPinLength : 4
pinCharacterSet : numeric
periodBeforePinReset : PT0S
allowedDataStorageLocations : {oneDriveForBusiness, sharePoint}
contactSyncBlocked : True
printBlocked : True
fingerprintBlocked : False
disableAppPinIfDevicePinIsSet : False
minimumRequiredOsVersion : 16.6.1
minimumWarningOsVersion :
minimumRequiredAppVersion :
minimumWarningAppVersion :
managedBrowser : notConfigured
isAssigned : True
appDataEncryptionType : whenDeviceLocked
minimumRequiredSdkVersion :
deployedAppCount : 132
faceIdBlocked : False
customBrowserProtocol :
Thanks a lot for your support.
Tobi