SharediPad - configuring App permission remotely for M365 Apps via Intune for supervised devices

Question

We would like to provide "office/m365 apps" in a shared iPad with Guest login with app protection policy with ping to secure. But we want to pre-provision the app permission for the M365 App so that it wont prompt the users every time he/she login to an App. for e.g. : Mic permission/Camera permission/ notification permission for TEAMS App. How to configure the permission for these App via Intune so that multi users just login to the app and enjoy the shared iPad.

Answer 1

Hello

Here is couple steps for your request:

Create App Protection Policies

1. Login to Intune:
   • Go to the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com/).
   1. Configure App Protection Policies:
      • Navigate to Apps > App protection policies > Create policy.
        • Choose iOS/iPadOS as the platform and click Next.
        1. Policy Settings:
           • Configure the policy according to your organization's requirements, focusing on settings that apply to data protection, access requirements, and other relevant configurations.
           1. Permissions for App Settings:
              • Under Permissions, ensure that the necessary permissions required by the M365 apps (Teams, Outlook, etc.) are allowed or set to prompt only once so users are not repeatedly asked to grant permissions.

B. Assign Users

• Assign the app protection policy to a group that represents the users who will use the shared iPad.

3. Configure the Managed App Configuration

To pre-configure specific app permissions (mic, camera, etc.) for M365 apps, you can use app configuration policies in Intune:

1. Create Configuration Policy:
   • In Intune, go to Apps > App configuration policies.
     • Click on Add and choose Managed apps.
     1. Select the App:
        • Select the Microsoft Teams app (and any other M365 apps you plan to configure).
        1. Configuration Settings:
           • In the settings, you can provide specific configurations. However, note that not all permissions can be set via Intune due to Apple's privacy and security model. The settings that can be changed should be chosen based on what’s applicable.
           1. Assign the Configuration:
              • Assign the configuration policy to the same group as the app protection policy.
2. App Request Settings

• If you want to ensure that permissions are not repeatedly requested, ensure that users are provisioned in a way that allows them to authenticate seamlessly (using Azure AD, SSO, etc.). Create App Protection Policies
  1. Login to Intune:
     • Go to the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com/).
  2. Configure App Protection Policies:
     • Navigate to Apps > App protection policies > Create policy.
     • Choose iOS/iPadOS as the platform and click Next.
  3. Policy Settings:
     • Configure the policy according to your organization's requirements, focusing on settings that apply to data protection, access requirements, and other relevant configurations.
  4. Permissions for App Settings:
     • Under Permissions, ensure that the necessary permissions required by the M365 apps (Teams, Outlook, etc.) are allowed or set to prompt only once so users are not repeatedly asked to grant permissions.
  B. Assign Users
  • Assign the app protection policy to a group that represents the users who will use the shared iPad.
  3. Configure the Managed App Configuration
  To pre-configure specific app permissions (mic, camera, etc.) for M365 apps, you can use app configuration policies in Intune:
  1. Create Configuration Policy:
     • In Intune, go to Apps > App configuration policies.
     • Click on Add and choose Managed apps.
  2. Select the App:
     • Select the Microsoft Teams app (and any other M365 apps you plan to configure).
  3. Configuration Settings:
     • In the settings, you can provide specific configurations. However, note that not all permissions can be set via Intune due to Apple's privacy and security model. The settings that can be changed should be chosen based on what’s applicable.
  4. Assign the Configuration:
     • Assign the configuration policy to the same group as the app protection policy.
  5. App Request Settings
  • If you want to ensure that permissions are not repeatedly requested, ensure that users are provisioned in a way that allows them to authenticate seamlessly (using Azure AD, SSO, etc.).

Answer 2

@BYODMDM, Thanks for posting in Q&A.

For your issue, if you want to provide Guest login with app protection policy with pin to secure, yes, you can configure the feature via app protection policy to secure, you can refer the method mentioned by @glebgreenspan, and if you want to pre-provision the app permission for the M365 app so that it won't prompt the users every time he/she login to an App, currently, you can refer the link below, here is Here is a sample with Outlook:

https://docs.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-use-ios

https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune

However, some app permissions cannot be granted automatically, because they were by designed by the OS.

Hope it will help.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 3

How do पेटीएम कस्टमर केयर नंबर पर कॉल +41=88 89 26--12 75 ऑनलाइन शिकायत कायत दर्ज करना चाहते हैं, तो हमसे संपर्क करें” +91--88 89-26-12-75-✓ टोल फ्री करें...++