We recently identified several scenarios where users may experience issues when attempting to access Intune protected apps, as app protection policies (APP, also known as MAM) may not be applied correctly. This occurs for apps that have been integrated with the Intune App SDK for iOS (versions 16.0.0 to 16.0.8) that use Microsoft Authentication Library (MSAL) with multiple registered users. Here are the scenarios:
An Azure Active Directory (Azure AD) user targeted with APP could be blocked from signing in by Conditional Access policy that requires APP.
An Azure AD user targeted with Intune but without APP Conditional Access policy could access the app and org data without app protection.
An Azure AD user not targeted with Intune APP could be restricted by policies belonging to a different managed Azure AD user on the device.
We recommend customers using MSAL with the Intune App SDK for iOS (versions 16.0.0 to 16.0.8) to update to the latest SDK version (16.0.9), as listed below:
Intune regularly releases updates to the Intune App SDK and the Intune App Wrapping Tool. It’s important that you regularly check for updates on GitHub and incorporate the latest version into your software development release cycle. This ensures that your apps support the latest app protection policy settings.
If you have questions or comments for the Intune team, reply to this post or reach out to @IntuneSuppTeam on Twitter.