Forum Discussion
BrandoCal
Dec 16, 2019 Copper Contributor
Detect when apps are managed in iOS and allow them in Conditional Access
Here is my scenario, we want to allow our users to use some specialized apps such as AutoCAD or ArcGIS to access OneDrive files on managed iOS devices, but we want to ensure that the app the users ar...
Thijs Lecomte
Dec 17, 2019 Bronze Contributor
There is no difference if you install apps from the company portal or through the app store. The Company Portal links back to the Public App Store.
If you want AutoCAD/ArcGIS to be in the container, the apps themselves need to support this feature. Here you can find an overview of the apps that support App Protection Policies: https://docs.microsoft.com/en-us/intune/apps/apps-supported-intune-apps. As AutoCAD/ArcGIS are not listed there, there is no way of managing these apps.
You could create an exemption. This means that OneDrive can share data outside the container to only AutoCAD & ArcGIS apps.
- BrandoCal Jan 09, 2020 Copper Contributor
I think I finally found a solution, or at least a way to achieve what I want. In the iOS Compliance Policy there is an area where you can list "Restricted Apps." So as a test I added the Workday app to the list of restricted apps in my compliance policy, then on my test device I downloaded the Workday app from the Apple App Store. As expected, my device was no longer compliant, and the reason in the Comp Portal app was because I had the Workday app installed. Then I went to the App Store in the Comp Portal app and installed the "Managed" version of the Workday app. Once it finished installing, I checked the device settings again and synced the device from the Intune portal; the device was now compliant.
This doesn't automatically install the app, but does allow me to detect the apps and make the users remedy the issue. The Microsoft documentation doesn't explicitly say this is how it works, but it definitely seems to work for my scenario.
Just thought I would share in case someone else comes across this scenario.