Blog Post

Intune Customer Success
6 MIN READ

Changes to applications’ backup and restore behavior on iOS/iPadOS and macOS devices

Intune_Support_Team's avatar
Intune_Support_Team
Silver Contributor
Dec 08, 2022
Updated 01/23/23: Based on the feedback we’ve received, there are some slight changes to when and how we rollout this change. This change will not happen automatically, admins will be able to enable ...
Updated Dec 01, 2023
Version 6.0
paddy_braun's avatar
paddy_braun
Copper Contributor
Jan 09, 2024

Hi Joachimb89 ,

 

as described in my answer to ChrisNeu , you cannot backup your corporate IDs inside Authenticator to iCloud. It only stores your private MS Account IDs. Hence, you better leave the Block managed apps from storing data in iCloud is set to Yes.

You are right, this setting applies to all managed apps in a whole, and should be turned on. But it has nothing to do with iCloud Backup. It is the iCloud Sync feature. Two different things, people always mix up.

Sync is controlled with one setting for all apps inside the iOS platform restrictions, Backup is controlled with an individual setting per-app inside the App catalogue. As the latter is a setting, which is not sent to the device during every check-in, but only when the specific app is getting installed or updated or re-installed. This is by design, intended by Apple.

 

  • Corporate iOS devices with MDM & MAM policies applied
  • > What is backed up and what not, depends on your policies. Please specify the setting in doubt, than only your question can be answered.
  • VPP apps deployed to all devices. Either required or available
  • > no effect on the backup mechanism. The iCloud backup and the iCloud sync mechanisms are depending on whether the app is managed or unmanaged, and for MAM (APP), whether or not you deployed the App setting "IntuneMAMUPN".
  • App assignment configured with setting Prevent iCloud app backup set to Yes
  • completely blocks the backup of app data to iCloud via iCloud Backup mechanisms. No effect on iCloud Sync

 

In an App Protection policy -> Data Protection ->

  • Prevent Backup org data to iTunes and iCloud backups set to Block
  • > same as "prevent iCloud app backup" but only for apps which support MAM, not applicable to all Managed Apps. this MAM policy is supported both, managed and unmanaged devices
  • Save copies or org data set to Block
  • > applies only to organizational data from the corporate account. you can define exceptions like corporate onedrive or sharepoint
  • In a device restriction policy Block managed apps from storing data in iCloud is set to Not Configured
  • has nothing to do with app backup. applies only to iCloud Sync feature

 

iCloud Sync: Apps store their data in iCloud autonomously. Needs to be implemented by the app developer.

iCloud Backup: is the device Backup feature by Apple which is triggered by the system/by the user and copies the app storage.

 

When I check in Settings -> * Apple ID * -> Apps using iCloud -> all managed apps are enabled (green tick)

> This is iCloud Sync

 

When I check in Settings -> * Apple ID * -> *Current iOS Device name* -> iCloud Backup -> All Device backups -> All managed apps show "Backup not Supported"

> This is iCloud Backup

 

The remaining questions should be answered with my post above.