Forum Discussion

Julian12's avatar
Julian12
Brass Contributor
Mar 03, 2021
Solved

App protection policy not applying

Hi, I'm trying to configure an iOS app protection policy for a client but I'm failing to get it applied on a iPhone XR with a fully licensed user. I deployed the app config policy with the IntuneMA...
app policy
App Protection Policy
Apps
blocked
Intune
outlook
protection policy
user-level
wipe
  • Alo Press's avatar
    Alo Press
    Mar 04, 2021

    Julian12 Are the apps that you are trying to Protect managed? Meaning are they published through the Intune Company Portal or are you just testing App Store apps and waiting until they apply? 

     

    In some cases Signing into the app might be needed for the Protection to trigger as the app is assuming the protection from Your specific MDM - this is more relevant with multi-identity enabled apps. 

     

    Also, is there anything special about that test account? What licenses have you enabled to it or is it a DEM account? There is probably a lot of things that might not work quite right for DEM accounts. 

     

    Regarding the user-level wipe.. it might have something to do with pending App selective wipe, if you have any pending delete the requests. Docs here on how to https://docs.microsoft.com/en-us/mem/intune/apps/apps-selective-wipe#delete-a-device-wipe-request.

Alo Press's avatar
Alo Press
Iron Contributor
Mar 04, 2021

Hi Julian12 

 

Where exactly are you seeing that error from? I usually use the following report to make sure whether or not my policy has applied: Apps > Monitor > App protection status > Reports > User report

 

What is your Target to apps on all device types selection? If it is not set to Yes or both types that cause some issues, the type state is a bit fiddly to pinpoint and thus its more simple to target both, more about that in https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies#create-an-iosipados-or-android-app-protection-policy docs. 

 

Ownership type should not matter when it comes to App Protection policies.

  • Julian12's avatar
    Julian12
    Brass Contributor
    Mar 04, 2021

    Hi Alo Press,

    I see that error in the same reporting tool:

    Currently I set the target devices to managed only, tried for a short time with Both but wasn't working too. Will test this again..

    Edit: Not sure if this is a problem but atm my test phone has no SIM card or any mobile number attached to it.

    • Alo Press's avatar
      Alo Press
      Iron Contributor
      Mar 04, 2021

      Julian12 Are the apps that you are trying to Protect managed? Meaning are they published through the Intune Company Portal or are you just testing App Store apps and waiting until they apply? 

       

      In some cases Signing into the app might be needed for the Protection to trigger as the app is assuming the protection from Your specific MDM - this is more relevant with multi-identity enabled apps. 

       

      Also, is there anything special about that test account? What licenses have you enabled to it or is it a DEM account? There is probably a lot of things that might not work quite right for DEM accounts. 

       

      Regarding the user-level wipe.. it might have something to do with pending App selective wipe, if you have any pending delete the requests. Docs here on how to https://docs.microsoft.com/en-us/mem/intune/apps/apps-selective-wipe#delete-a-device-wipe-request.

      • Julian12's avatar
        Julian12
        Brass Contributor
        Mar 04, 2021

        Frickin hell, there was really a selective wipe in place for this account, so obvious^^
        I deleted that request and reset my device, hopefully it is working now..
        Many thanks for this hint, seems too easy 😕

Resources