Forum Discussion
Intune App protection on IOS precedence
I defined 2 app protection policies; one for BYOD, so unmanaged device, no enrolments needed and one for corporate managed device. the BYOD profile ask for a PIN when accessing the app, the corporate one, no.
Now, I have multiple situations where the business provide a corporate iphone and the user has another device like an ipad and access as BYOD.
I setup 2 devices one for each configuration with my account and at the end of the day on my corporate iphone I was asked to entered a pin (BYOD config). Found it weird since the device is managed.
Someone else had the same problem ? how could we separate the app protection for same user but different devices (intune managed and MAM only)
12 Replies
- I created a dynamic group with corporate-owned devices and use that group as "excluded group" for the BYOD policy. Seems to do the job this time. will let it run and test with different users
@didn't work! the corporate devices are getting prompted with PIN CODE
- Are you installing the app from company portal or apple store?
Both policies are working well individually. One is for managed apps, the other one for Managed devices. Both are assigned to different group as well.
The issue happens when I have an individual who has 2 devices, one with each configuration. The APP for Managed apps take over the APP for Managed device.
Can you share the snippet of your policies? If you want you can connect directly with me at my email address.
- I think this might help you dividing policies: https://www.petervanderwoude.nl/post/app-protection-policies-and-managed-ios-devices/
