SOLVED

iOS App Protection Policy Outlook

Copper Contributor

Hi All,

 

Just wanted to confirm, once you enable App Protection policies (MAM) on an iOS device and in particular the Outlook App configured with PIN... will you be prompted for a PIN when you attempt to access any mailboxes within the app? So if I have multiple emails assigned within Outlook, several personal ones and one corporate mailbox, it appears that I will need to supply a PIN to access any mailbox - including providing a PIN for the personal accounts.

 

Is this true for everyone? Any replies would be much appreciated :)

2 Replies

Based on my tests, yes. you have to enter PIN for app itself. even if you have few accounts in it.

best response confirmed by Baljit Aujla (Copper Contributor)
Solution

Yes it's most of the time an app PIN. As soon as someone tries to open the app the PIN is needed.

In case of Outlook mobile there is currently no distinction between underlying email accounts. It protects the app itself. This is the standard behavior, but as soon as an app is multi-identity capable it is up to the developer how they are going to handle this. It is possible to prompt only in a scenario where you access the corporate data, but again this is implementation specific and up to the developer. 

 

Here a little more detail on this: https://docs.microsoft.com/en-us/intune/mam-faq

 

What is the Intune app PIN?
The Personal Identification Number (PIN) is a passcode used to verify that the correct user is accessing the organization's data in an application.

  • When is the user prompted to enter their PIN?
    Intune prompts for the user's app PIN when the user is about to access "corporate" data. In multi-identity apps such as Word/Excel/PowerPoint, the user is prompted for their PIN when they try to open a "corporate" document or file. In single-identity apps, such as line-of-business apps managed using the Intune App Wrapping Tool, the PIN is prompted at launch, because the Intune App SDK knows the user's experience in the app is always "corporate."

 

best,

Oliver

1 best response

Accepted Solutions
best response confirmed by Baljit Aujla (Copper Contributor)
Solution

Yes it's most of the time an app PIN. As soon as someone tries to open the app the PIN is needed.

In case of Outlook mobile there is currently no distinction between underlying email accounts. It protects the app itself. This is the standard behavior, but as soon as an app is multi-identity capable it is up to the developer how they are going to handle this. It is possible to prompt only in a scenario where you access the corporate data, but again this is implementation specific and up to the developer. 

 

Here a little more detail on this: https://docs.microsoft.com/en-us/intune/mam-faq

 

What is the Intune app PIN?
The Personal Identification Number (PIN) is a passcode used to verify that the correct user is accessing the organization's data in an application.

  • When is the user prompted to enter their PIN?
    Intune prompts for the user's app PIN when the user is about to access "corporate" data. In multi-identity apps such as Word/Excel/PowerPoint, the user is prompted for their PIN when they try to open a "corporate" document or file. In single-identity apps, such as line-of-business apps managed using the Intune App Wrapping Tool, the PIN is prompted at launch, because the Intune App SDK knows the user's experience in the app is always "corporate."

 

best,

Oliver

View solution in original post