iOS/iPadOS security configuration framework app configuration policies

As part of the iOS/iPadOS security configuration framework, you must properly set app configuration policies for iOS/iPadOS devices.

iOS/iPadOS supervised devices are designed to be used for work or school data only. So, Microsoft apps deployed on these devices must be configured to disallow personal accounts.

Disallow personal accounts for Microsoft apps on iOS/iPadOS devices

  1. Add the iOS apps so that they can be deployed to the device. For more information, see Add iOS store apps to Microsoft Intune.

  2. Create a policy for each Microsoft app as described in Add app configuration policies for managed iOS/iPadOS devices.

  3. Create the following single key in each policy:

    Key: IntuneMAMAllowedAccountsOnly
    Values:
      - Enabled: The only account allowed is the managed user account defined by the IntuneMAMUPN key.
      - Disabled (or any value that is not a case insensitive match to Enabled): Any account is allowed.

    Key: IntuneMAMUPN
    Values: UPN of the account allowed to sign into the app. For Intune enrolled devices, the {{userprincipalname}} token may be used to represent the enrolled user account.
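
Because any value other than a case insensitive match to Enabled leaves every account allowed, a mistyped value disables the restriction without an error. The following audit is an added example, not Microsoft's code: the policy structure (a name plus a settings dictionary) is a hypothetical export shape, and the sample policies and UPN are constructed.

```python
ALLOWED_ONLY = "IntuneMAMAllowedAccountsOnly"
UPN = "IntuneMAMUPN"
UPN_TOKEN = "{{userprincipalname}}"


def audit_policy(policy):
    """Return findings for one policy; an empty list means both keys are set as required."""
    settings = policy.get("settings", {})
    findings = []

    value = settings.get(ALLOWED_ONLY)
    if value is None:
        findings.append(f"{ALLOWED_ONLY} is not set: restriction is not enabled")
    elif not isinstance(value, str) or value.casefold() != "enabled":
        # Only a case-insensitive match to "Enabled" restricts accounts.
        # Assumption: surrounding whitespace is treated as a mismatch, so the
        # audit errs on the side of reporting.
        findings.append(f"{ALLOWED_ONLY}={value!r} does not match 'Enabled': any account is allowed")

    upn = settings.get(UPN)
    if not isinstance(upn, str) or not upn.strip():
        findings.append(f"{UPN} is missing or empty")
    elif upn.casefold() != UPN_TOKEN and "@" not in upn:
        findings.append(f"{UPN}={upn!r} is neither the {UPN_TOKEN} token nor a UPN")
    return findings


def audit_all(policies):
    """Map policy name -> findings, listing only policies that have findings."""
    report = {}
    for policy in policies:
        findings = audit_policy(policy)
        if findings:
            report[policy["name"]] = findings
    return report


# Constructed sample policies, one per app.
SAMPLE_POLICIES = [
    {"name": "Outlook", "settings": {ALLOWED_ONLY: "Enabled", UPN: UPN_TOKEN}},
    {"name": "Word", "settings": {ALLOWED_ONLY: "enabled", UPN: "user@contoso.example"}},
    {"name": "Teams", "settings": {ALLOWED_ONLY: "True", UPN: UPN_TOKEN}},
    {"name": "Edge", "settings": {ALLOWED_ONLY: "Enabled ", UPN: UPN_TOKEN}},
    {"name": "OneDrive", "settings": {ALLOWED_ONLY: "Enabled"}},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_POLICIES).items():
        for finding in findings:
            print(f"{name}: {finding}")
```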

Next steps

Apply iOS/iPadOS device compliance security configuration settings.