Previously for iOS/iPadOS, you had to manually configure the IntuneMAMUPN, IntuneMAMOID, and IntuneMAMDeviceID app configuration values in order for Intune mobile application management (MAM) to determine if the device was enrolled with Intune per Create and deploy app protection policies. Based on customer feedback to simplify the admin experience, we’ve begun to automatically send these values to managed applications on Intune enrolled iOS devices. Starting with Intune’s September (2409) service release, we’ve enabled this change for the following apps: Microsoft Excel, Microsoft Outlook, Microsoft PowerPoint, Microsoft Teams and Microsoft Word. We’ll continue to expand this to additional managed apps over the coming months.
We were recently alerted that users may be incorrectly blocked in a specific scenario if these values weren’t configured. If you have iOS devices “Enrolled without User Affinity” and an app protection policy is enforced for a user in one of the listed applications, then the user may encounter a “Misconfiguration Alert” dialog with the following message:
“Your organization’s support team wants you to login with this account:. But you tried to login with user@company.com. Contact your organization’s support team for help.”
While there’s no workaround, we’re actively working to correct this issue.
While you likely already have the app configuration values configured to correctly enforce app protection policies based on management type, in the rare case that it’s not, this change will correct the MAM device management type state from “Unmanaged” to “Managed”. This means you may notice a change for MAM users with Intune enrolled devices in the following scenarios:
We’ll continue to update this post as new information becomes available. If you have questions or comments for the Intune team, reply to this post or reach out on X @IntuneSuppTeam.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.