Intune - App configuration and App protection policies are not working on our custom business apps. iOS devices

MatYC 86 Reputation points
2022-01-19T12:52:22.323+00:00

Our company is looking for an alternative MDM solution to draw a clear line between work and non-work related activities on BYOD mobile devices by separating the business and personal apps from each other.

We want to prevent any data share activities between business and personal apps:
• Open with,
• Share through
• Copy data
• Save as

We are using the Intune MDM solution at the minute, which is not compatible with some of our business apps because we are still able to open, copy, share, save data with users' personal apps on unmanaged devices. (Is there any way we can containerise these apps using Azure AD or Intune?)

Examples of business apps we are using:
• iPecs One
• Resco Mobile Crm
• DocuSign
• Adobe Acrobat Reader
• Outlook
• Microsoft Office package (e.g. Microsoft Word, Microsoft Excel, Microsoft SharePoint)

We need more granular settings to:
• Prevent personal (unmanaged) apps from sharing any data with business (managed) apps.
• Make Outlook allow only one account
• Configure Conditional Access in a way that allows only MDM-enrolled devices to access our CRM system, SharePoint, etc., to improve control of the devices and apps that can connect to company resources.

Kind regards,
Matt


2 answers

  1. Rahul Jindal [MVP] 7,231 Reputation points MVP
    2022-01-19T21:51:46.22+00:00

    You will need to implement APP. Apps that you intend to protect need to support the Intune SDK. You can read all about it in the link below.
    intune-app-protection-policies-for.html

    2 people found this answer helpful.

  2. Lu Dai-MSFT 22,811 Reputation points Microsoft Vendor
    2022-01-20T02:34:01.047+00:00

    @MatYC Thanks for posting in our Q&A.

    App protection policy can prevent any data share activities between business and personal apps. The protected apps are listed in the following article:
    https://learn.microsoft.com/en-us/mem/intune/apps/apps-supported-intune-apps
    If your business apps are not included, as RahulJindal-2267 said, you need to use the Microsoft Intune App SDK to enable your app to support Intune app protection policies.

    Based on my experience, there is no method to make the Outlook app only add one account via Intune. We can add both a work account and a personal account in the Outlook app.

    For configuring Conditional Access to allow only MDM-enrolled devices to access SharePoint, it is suggested to set "Require device to be marked as compliant" in the Grant setting in the Conditional Access policy. But for the CRM system, I'm not sure if it is using AAD auth. It is suggested to discuss with the CRM system's vendor to confirm whether it is able to take advantage of CA.

    Hope it will help.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
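
The following is an added example, not part of the answers above or any Microsoft code: a small offline check that a Conditional Access policy export really enforces "Require device to be marked as compliant" for SharePoint Online. It assumes the policies are in the JSON shape of the Microsoft Graph `conditionalAccessPolicy` resource; the sample policies and their names are constructed, and user and platform scoping are not evaluated.

```python
import json

# Well-known app ID of Office 365 SharePoint Online in Azure AD.
SHAREPOINT_ONLINE = "00000003-0000-0ff1-ce00-000000000000"

def compliance_gaps(policy, app_id=SHAREPOINT_ONLINE):
    """List reasons this policy does NOT force a compliant device for app_id.
    An empty list means it does. User and platform scoping are not checked."""
    gaps = []
    if policy.get("state") != "enabled":
        gaps.append(f"state is {policy.get('state')!r}, not 'enabled'")
    apps = policy.get("conditions", {}).get("applications", {})
    if app_id in apps.get("excludeApplications", []):
        gaps.append("application is explicitly excluded")
    elif not {"All", "Office365", app_id} & set(apps.get("includeApplications", [])):
        gaps.append("application is not in scope")
    grant = policy.get("grantControls") or {}  # null for session-only policies
    controls = grant.get("builtInControls", [])
    if "compliantDevice" not in controls:
        gaps.append("compliantDevice is not a grant control")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        gaps.append("operator OR lets another control satisfy the policy")
    return gaps

def audit(policies):
    """Map each policy's displayName to its list of gaps."""
    return {p["displayName"]: compliance_gaps(p) for p in policies}

# Constructed sample export (not real tenant data).
SAMPLE = json.loads("""
[
 {"displayName": "SPO compliant only", "state": "enabled",
  "conditions": {"applications": {"includeApplications": ["00000003-0000-0ff1-ce00-000000000000"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}},
 {"displayName": "SPO report-only", "state": "enabledForReportingButNotEnforced",
  "conditions": {"applications": {"includeApplications": ["Office365"]}},
  "grantControls": {"operator": "AND", "builtInControls": ["compliantDevice"]}},
 {"displayName": "SPO MFA or compliant", "state": "enabled",
  "conditions": {"applications": {"includeApplications": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}}
]
""")

if __name__ == "__main__":
    for name, gaps in audit(SAMPLE).items():
        print(f"{name}: {'OK' if not gaps else '; '.join(gaps)}")
```

A policy left in report-only state, or one that combines `compliantDevice` with another control under `OR`, still lets unenrolled devices reach SharePoint, which is why both are reported as gaps.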