Excluding iOS Photos App from Intune App Protection Policy

Copper Contributor

Has anyone successfully been able to setup an iOS Intune App Protection Policy, but exclude the iOS Photos app from the "Send org data to other apps" setting? I've attempted to add the URL scheme of the app (photos-redirect) per the Intune documentation, but this didn't work.

8 Replies

Hello,

 

Have you tried adding com.apple.mobileslideshow to the Exempt apps section? See below:

 

Durrante_0-1616865509694.png

 

I haven't just because the documentation says that you need to use the URL string rather than the Apple Bundle ID.

https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-ios#data-transfer-ex...

Has anyone tried this with the bundle ID and had it work successfully?
Hi. I had the same "issue" with the Rabobank app last week. I created a blog about it

https://call4cloud.nl/2021/03/app-protection-attack-of-the-third-party-apps/

You could also try to add: photos-redirect
When you open safari and browse: photos-redirect:// you will be asked to open it with the photos apps
Thanks for sharing your post. I have tried adding photos-redirect to the exclusions, but that unfortunately didn't work. I've also tried adding the native photos app to our list of managed apps in Intune, but the native photos app doesn't show up as an option to add.

I have a ticket open with Intune support, but so far haven't gotten anywhere.
Do you have multiple app protection policies? Could you check the app protection monitor report to be 100% sure the user/device has the propper app protection policy applied?
No, we just have the one iOS APP policy. It's showing in the report that it's checked in and applied.

As a side note, thanks for linking to your blog. I'm reading through some of your other posts about the app protection policies, and I'm finding them very helpful.

@CharlesPearson Hey just curious if you ever got this to work. I am have a customer who would like to exempt Photos from app protection. 

 

thanks

 

Wondering if you find a way how to configure the exception, please?