Forum Discussion

Ryan_Ternier's avatar
Ryan_Ternier
Copper Contributor
Jan 30, 2020

iOS Device gets registered but Retirement keeps access, nothing is sandboxed.

I'm testing Intune on my iPad and I have 2 issues I'm not able to resolve. I don't have these issues on Android, it is working fine. On Android when I register, I see a sandbox work folder. on iOS I do not see this at all.

 

First:

When I retire from Intune, it will not retire the Device until I open up Comp Portal on the Device. If I open outlook / teams it allows me to see all data in those apps until I open up Comp. Portal to finalize the retirement. On android I know it retires the minute I retire from Azure  Intune.

 

Second

When I retire a device, go to CompPortal and see that my device is removed, my apps are still around (outlook and teams). I've set the Assignments on Outlook to Require it on devices, and for uninstall on removal, but this isn't happening. Even if they're not uninstalling, I still have full access to email and teams after I retire the device.

 

  • have Device Compliance policies for Android and iOS.
  • I have applications authorized from the iOS store and have assigned them to groups.
    • Outlook , for example, will install automatically when I hook my iPad into Intune. For outlook, I have Required for my Group, Mode is include, uninstall on Device removal is true
    • When I retire device, outlook isn't removed and I have full access to email.
    • I can install outlook , it tells me to setup intune, if I leave setup part way, I can view outlook data.
    • If I install outlook prior to Intune, then sync to the Comp Portal, I can cancel part way through setup of the Comp Portal and still view outlook data.
    • If I retire my device, It only retires when I go to Comp Portal. if I never open up Comp Portal on the device, it will never actually retire it.

 

Things I've noticed - I don't need to sign terms and conditions on IOS. Not sure if there's something else i'm missing.

 

I followed the steps on https://www.thelazyadministrator.com/2018/11/19/configure-and-deploy-intune-mdm/#iOS as best I could.

 

What could I be missing?

Intune
ios
Mobile Application Management (MAM)
mobile device management (mdm)

1 Reply

  • stevenvanbeek's avatar
    stevenvanbeek
    Copper Contributor
    Feb 03, 2020

    Hi Ryan_Ternier 

     

    On IOS you are not getting the same look and feel as on android with work folders(Sandbox). if you want something like that you can create a folder and push all apps in that specific folder, its not possible to get the little icon on the app.

     

    As of the problem with retire, most of the time its because the devices is not good registered yet, can you try to wait a couple of hours? Also its normal that when you retire a device the apps are not wiped. The thing with the removal of the app its only working when the users is not longer in the group.

     

    About the terms and conditions, you can set it up see : https://docs.microsoft.com/en-us/intune/enrollment/terms-and-conditions-create

     

    Let me know if you have any further questions.