Windows Office Hours: September 28, 2023
Thursday, Sep 28, 2023, 08:00 AM PDT
Please note this Windows Office Hours date has been changed to September 28, 2023.
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, a...
Heather_Poulsen
Updated Sep 28, 2023
soooner
Sep 28, 2023, Copper Contributor
Intune: The ability to filter App Protection Policies by Management Type appears to have been removed over the past month or two. How can we best create App Protection Policies for BYOD mobile devices without forcing those same policies on company-managed devices? I haven't found a way of getting this to work without affecting both BYOD and company-managed devices, even when using filters and exceptions in conditional access.
ThomasTrombley
Oct 02, 2023, Former Employee
Good Afternoon/Evening Ryan, I found an engineer to assist, and they noted that this is still supported via Managed Apps Assignment Filters. There is help text in the admin console to guide customers for both new and existing APP policies: https://learn.microsoft.com/en-us/mem/intune/fundamentals/filters-device-properties#managed-app-properties. Best, Thomas
- soooner, Oct 02, 2023, Copper Contributor: Hi Thomas, thanks for passing along that link. I have already tried creating a filter like that, but using the rule syntax of (app.deviceManagementType -eq "Managed") never populates any results, despite having tens of devices already managed via Intune. The filter preview never shows any devices listed, which prevents the filter from working as intended.
- ThomasTrombley, Oct 02, 2023, Former Employee: Conferred with my engineer, who just tested this in one of my tenants and it is working properly. I expect it might be due to this: For iOS/iPadOS, for the Device Management type to be enforced to Intune managed devices, additional app configuration settings are required. These configurations will communicate to the APP service that a particular app is managed—and that APP settings will not apply:
  - IntuneMAMUPN and IntuneMAMOID must be configured for all MDM managed applications. For more information, see https://learn.microsoft.com/en-us/mem/intune/apps/data-transfer-between-apps-manage-ios#configure-user-upn-setting-for-microsoft-intune-or-third-party-emm.
  - IntuneMAMDeviceID must be configured for all third-party and line-of-business MDM managed applications. The IntuneMAMDeviceID should be configured to the device ID token. For example, key=IntuneMAMDeviceID, value={{deviceID}}. For more information, see https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-use-ios.
  If only the IntuneMAMDeviceID is configured, the Intune APP will consider the device as unmanaged.
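
The key requirements quoted in the reply above can be checked offline against exported app configuration settings. The following is an added example, not part of the thread and not Microsoft code; the dict layout, the `third_party_or_lob` field, the app names and the sample values are assumptions.

```python
# Added example, not from the thread: lint iOS app configuration settings
# against the key requirements quoted in the reply above.
REQUIRED_ALL = ("IntuneMAMUPN", "IntuneMAMOID")   # all MDM-managed apps
DEVICE_ID_KEY = "IntuneMAMDeviceID"               # third-party / LOB apps
DEVICE_ID_TOKEN = "{{deviceID}}"                  # example value from the reply


def check_app_config(app):
    """Return findings for one app; `app` uses hypothetical field names."""
    settings = {k: (v or "").strip() for k, v in app["settings"].items()}
    present = {k for k, v in settings.items() if v}   # empty values count as unset
    missing = [k for k in REQUIRED_ALL if k not in present]
    findings = []

    if DEVICE_ID_KEY in present and len(missing) == len(REQUIRED_ALL):
        # The failure mode called out in the reply.
        findings.append("only IntuneMAMDeviceID set: APP treats device as unmanaged")
    else:
        findings += [f"missing {k}" for k in missing]

    if app["third_party_or_lob"]:
        if DEVICE_ID_KEY not in present:
            findings.append("missing IntuneMAMDeviceID (third-party/LOB app)")
        elif settings[DEVICE_ID_KEY] != DEVICE_ID_TOKEN:
            findings.append("IntuneMAMDeviceID is not the {{deviceID}} token")
    return findings


def audit(apps):
    """Map app name -> findings, keeping only apps that have findings."""
    report = {a["name"]: check_app_config(a) for a in apps}
    return {name: f for name, f in report.items() if f}


# Constructed sample data; app names and the values of the first two keys are
# illustrative, the check only tests that those keys are set.
SAMPLE_APPS = [
    {"name": "Outlook", "third_party_or_lob": False,
     "settings": {"IntuneMAMUPN": "{{userprincipalname}}", "IntuneMAMOID": "{{userid}}"}},
    {"name": "LOB-A", "third_party_or_lob": True,
     "settings": {"IntuneMAMDeviceID": "{{deviceID}}"}},
    {"name": "LOB-B", "third_party_or_lob": True,
     "settings": {"IntuneMAMUPN": "{{userprincipalname}}", "IntuneMAMOID": "{{userid}}",
                  "IntuneMAMDeviceID": "device-1234"}},
    {"name": "LOB-C", "third_party_or_lob": True,
     "settings": {"IntuneMAMUPN": "{{userprincipalname}}", "IntuneMAMOID": ""}},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_APPS).items():
        print(name, "->", "; ".join(findings))
```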