About android corporate owned dedicated device mode with app protection

Brass Contributor

Hi, All

 

Has anyone ever used Android corporate owned dedicated device mode with app protection to block  save file to local device  ?

Because I currently feel that the app protection settings have no effect during testing.

3 Replies

@shotime 

 

We had a small discussion about this before I think :). This should just work in corporate owned dedicated devices but the feature is mostly more limited than expected, see the doc: https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-android#data-protec...

 

And especially this part:

"This setting is supported for Microsoft Excel, OneNote, PowerPoint, Word, and Edge. It may also be supported by third-party and LOB apps."

 

Besides that, I wonder what the real usecase is for Company owned Dedicated devices to use this because the complete device is a work device and this serves no real Data Loss Prevention benefit.

 

Hi @SebastiaanSmits,

This requirement was actually raised by the customer before. The customer used the Samsung tab for colleagues in the branch office to use. Although it is a company device, they hope to prevent attachments or files from being save on the tab by the user when receiving mail or reading files, and then transferred to other non company device.
Currently, we are testing whether it can be achieved,
"This setting is supported for Microsoft Excel, OneNote, PowerPoint, Word, and Edge. It may also be supported by third-party and LOB apps."
I am currently only able to successfully block download or save as function of app protection in the Corporate owned, fully managed user devices mode, while the Corporate owned dedicated device mode has been unable to do so. I am wondering if it is due to the lack of a work profile.
That's why I wonder if anyone has successfully blocked saving a file in Corporate owned dedicated device mode.

I checked again but it is nowhere stated the 'Save copies of org data' cannot be used on Corporate owned, fully managed although it makes sense because the data is only saved in a work control fashion. Maybe somebody else has encountered this but I would check with the customer what they try to achieve, transferring data from the device can be blocked in several ways especially on dedicated devices.