Forum Discussion
JD1234535
Jun 28, 2022 · Copper Contributor
iOS Devices can manually unenroll and still access corporate resource (Outlook app not removed)
We are looking to migrate to Intune for MDM on our phone but are having an issue with iOS. With Android, if you try to un-enroll your device it forces you to wipe the work profile. This means t...
JD1234535
Jun 29, 2022 · Copper Contributor
Oktay thanks for the quick reply!
1. We do a stipend instead of Corp devices. We want to be able to remote wipe and have access control to corporate data for DLP and HIPAA reasons.
2. Yes we have a CAE in place to require a device is marked as compliant and require use of an approved app. This policy is set to iOS and Android and for All Cloud Apps.
3. Users enroll using the Company Portal App
Yes we have an app protection policy. One policy is targeted to iOS and MS Apps. We have conditions set for Offline grace period, disabled account and Jailbroken.
Your thought about relying on app protection MAM is interesting. I am going to test using the conditional launch to see if that helps.
I don’t see how to create an App protection policy and distinguish between managed and non managed apps. All I can do is select either MS built in apps or Public apps (where the MS apps are already selected).
Is there a way to use an app protection policy to force an immediate wipe? If someone is unmanaged and leaves the company the best we could do is wipe the data after 1 day?
Thanks
John
Oktay Sari
Jun 29, 2022 · Iron Contributor
Hi JD1234535,
Q: I don’t see how to create an App protection policy and distinguish between managed and non managed apps
A: When you create an APP, you can choose between managed and unmanaged device. So you distinguish on device level.
Q: Is there a way to use an app protection policy to force an immediate wipe?
A: the only thing I can think of is conditional launch disabled account; (and maybe device threat level but I never worked with that). However, you'll have to test with disabling an account and then see when the policy kicks in. It will be on next authentication check.
And what you can always do is a user/device based selective wipe whenever you need to:
Intune > Apps > App selective wipe
hope this helps.
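The selective wipe Oktay points at (Intune > Apps > App selective wipe) can also be driven from PowerShell, which is useful for an offboarding runbook where the account is disabled and the wipe is queued in the same step. The script below is an added example, not code from the thread or from Microsoft: it assumes the Microsoft.Graph PowerShell SDK is installed, that the signed-in account holds the DeviceManagementApps.ReadWrite.All permission, and that the beta Graph endpoints `/deviceAppManagement/managedAppRegistrations` and `/users/{id}/wipeManagedAppRegistrationsByDeviceTag` are available as described in the Graph reference; check both against the current documentation before relying on it.

```powershell
# Added example (not from the thread): list a departed user's Intune MAM app
# registrations and queue an app selective wipe for each registered device.
# Assumptions, labelled: Microsoft.Graph SDK installed; caller has
# DeviceManagementApps.ReadWrite.All; the beta endpoints named below exist
# with the documented shape. Verify against the Graph reference first.

param(
    [Parameter(Mandatory)] [string] $UserPrincipalName,
    [switch] $WhatIf   # list devices only, do not queue a wipe
)

Connect-MgGraph -Scopes 'DeviceManagementApps.ReadWrite.All', 'User.Read.All' | Out-Null

# The wipe action is addressed to the user object id, so resolve the UPN first.
$user = Invoke-MgGraphRequest -Method GET `
    -Uri "https://graph.microsoft.com/v1.0/users/$($UserPrincipalName)?`$select=id,userPrincipalName"

# Every MAM-protected app instance on every device shows up as one
# managedAppRegistration; page through all of them for this user.
$uri = "https://graph.microsoft.com/beta/deviceAppManagement/managedAppRegistrations?`$filter=userId eq '$($user.id)'"
$regs = @()
do {
    $page = Invoke-MgGraphRequest -Method GET -Uri $uri
    $regs += $page.value
    $uri = $page.'@odata.nextLink'
} while ($uri)

if (-not $regs) {
    Write-Host "No MAM app registrations found for $($user.userPrincipalName)"
    return
}

# deviceTag identifies the physical device; the wipe is issued per tag,
# so one request clears every protected app on that device.
foreach ($device in ($regs | Group-Object deviceTag)) {
    $first    = $device.Group[0]
    $lastSync = $device.Group.lastSyncDateTime | Sort-Object -Descending | Select-Object -First 1
    Write-Host ("{0} ({1}) - {2} protected app(s), last sync {3}" -f `
        $first.deviceName, $first.deviceType, $device.Count, $lastSync)

    if ($WhatIf) { continue }

    Invoke-MgGraphRequest -Method POST `
        -Uri "https://graph.microsoft.com/beta/users/$($user.id)/wipeManagedAppRegistrationsByDeviceTag" `
        -Body @{ deviceTag = $device.Name } | Out-Null
    Write-Host "  selective wipe queued for deviceTag $($device.Name)"
}
```

Run it once with `-WhatIf` to see which devices the user has MAM-registered apps on, then without it to queue the wipes. As with the disabled-account conditional launch setting, the wipe is not instantaneous: it is applied when each protected app next checks in with the Intune service, which is why the `lastSyncDateTime` column is worth reading before you assume the data is gone.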