Mar 12 2024 11:26 PM
Hi, All
Has anyone ever used Android corporate owned dedicated device mode with app protection to block save file to local device ?
Because I currently feel that the app protection settings have no effect during testing.
Mar 13 2024 02:37 AM
We had a small discussion about this before I think :). This should just work in corporate owned dedicated devices but the feature is mostly more limited than expected, see the doc: https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-android#data-protec...
And especially this part:
"This setting is supported for Microsoft Excel, OneNote, PowerPoint, Word, and Edge. It may also be supported by third-party and LOB apps."
Besides that, I wonder what the real usecase is for Company owned Dedicated devices to use this because the complete device is a work device and this serves no real Data Loss Prevention benefit.
Mar 13 2024 02:59 AM - edited Mar 13 2024 03:04 AM
Hi @SebastiaanSmits,
This requirement was actually raised by the customer before. The customer used the Samsung tab for colleagues in the branch office to use. Although it is a company device, they hope to prevent attachments or files from being save on the tab by the user when receiving mail or reading files, and then transferred to other non company device.
Currently, we are testing whether it can be achieved,
"This setting is supported for Microsoft Excel, OneNote, PowerPoint, Word, and Edge. It may also be supported by third-party and LOB apps."
I am currently only able to successfully block download or save as function of app protection in the Corporate owned, fully managed user devices mode, while the Corporate owned dedicated device mode has been unable to do so. I am wondering if it is due to the lack of a work profile.
That's why I wonder if anyone has successfully blocked saving a file in Corporate owned dedicated device mode.
Mar 13 2024 06:53 AM