Dec 16 2019 11:26 AM
Here is my scenario: we want to allow our users to use some specialized apps such as AutoCAD or ArcGIS to access OneDrive files on managed iOS devices, but we want to ensure that the apps the users are using are in the "Managed area" of their iOS device. This means the app needs to be installed from the App store in the Intune Company Portal app; however, we see instances where users are downloading the app from the public app store.
To me there are two approaches I can take:
1. Detect when one of these apps is installed from the app store and then force the installation from the Company App store. Is this possible?
2. Create an App Configuration for the app, which only gets applied when the app is installed from the Company App store, and then use Conditional Access to detect this setting. Is this possible?
Or perhaps there is another way to achieve what I am looking for?
Dec 17 2019 03:32 AM
Jan 09 2020 02:14 PM
I think I finally found a solution, or at least a way to achieve what I want. In the iOS Compliance Policy there is an area where you can list "Restricted Apps." So as a test I added the Workday app to the list of restricted apps in my compliance policy, then on my test device I downloaded the Workday app from the Apple App Store. As expected, my device was no longer compliant, and the reason in the Comp Portal app was that I had the Workday app installed. Then I went to the App Store in the Comp Portal app and installed the "Managed" version of the Workday app. Once it finished installing, I checked the device settings again and synced the device from the Intune portal; the device was now compliant.
This doesn't automatically install the app, but does allow me to detect the apps and make the users remedy the issue. The Microsoft documentation doesn't explicitly say this is how it works, but it definitely seems to work for my scenario.
Just thought I would share in case someone else comes across this scenario.