Mar 11 2019 07:15 AM - edited Mar 11 2019 07:16 AM
Mar 11 2019 07:15 AM - edited Mar 11 2019 07:16 AM
Hi everyone,
i have the following constellation:
1. One App Protection Policy named "iOS General"
2. One App Protection Policy named "iOS Outlook for managed devices"
3. One App Protection Policy named "iOS Outlook for unmanaged devices"
Configuration:
1. The following options are set for "iOS General:
Target to all app types -> yes
Targeted Apps -> all Apps in List except Outlook
2. The following options are set for "iOS Outlook for managed devices"
Target to all app types -> no -> Apps on Intune managed devices
Targeted Apps -> Outlook
3. The following options are set for "iOS Outlook for unmanaged devices"
Target to all app types -> no -> Apps on unmanaged devices
Targeted Apps -> Outlook
My expectations:
unmanaged Devices
managed Devices
My problems:
1. unmanaged and managed devices are applying the "general" Policy. Very good.
2. When it comes to the distinction between managed device -> Outlook & unmanaged device -> outlook the App Protection Policies are not properly applied.
The policy "iOS Outlook for unmanaged devices" is applied every time. (Not as expected only on unmanaged devices!)
additional information:
I'm using a group with static user assignment. All my test-users are member of this group.
Every App Protection Policy is using this static group. (Policy -> Assignments -> Inlcude)
Thank you very much in advance.
Patrick :)
Mar 19 2019 06:14 AM
I experience a new problem.
In my test scenario i had the setting "only work and school accounts" activated.
The recognition if Outlook has to apply the managed or the unmanaged profile worked well.
When rolling out to a pilotgroup the users reported, that they lost their personal accounts inside Outlook. Okay, i can understand that. So what i've done is to disable "only work and school accounts", so that the user are again enabled to use their personal accounts.
The Problem: Now every device is is applying the unmanaged policy and nothing is working.
Thats really annoying.
Any ideas?
Both of the options are not satisfying me.
1. I need the ability for the users to be able to use their private accounts.
2. I need to be able to distinguish wether the device is managed or unmanaged, so i can allow Contactsync in managed state.
Apr 17 2019 10:59 PM
Nov 20 2020 09:06 AM
@AndrewDawsonThank you for this!! Microsoft Docs wasn't that clear to me so your pic example was exactly what I needed. Thanks