I'm deploying app protection policy from intune for iOS on a BYOD phone. In this policy I scope core microsoft application (like word, excel, powerpoint) and allow saving coporate data only to sharepoint and onedrive. This point work well when I open a corporate file (from onedrive or sharepoint) and try to save it on the local storage for exemple, the saving is blocked. However, this strategy scopes BYOD device. This means that my user will one time use Word etc for personnal use and other times for professional use. I understand from a microsoft documentation that the app protection policy should only apply on coporate files. And this is not exactly the case as when I open word on my phone, create a new blank document and try to save it, I can only save it to sharepoint and onedrive. This means that personnal file saving is also only allowed to onedrive/sharepoint and this is blocking my user for personnal use of his phone.
Just as an information, even if I try to install word from the app store and not from the company portal, at the first start of word, it says me that this app is managed by the company.
Does anyone has already had this issue? Or does someone has an idea of what I'm doing wrong ?
App protection policies are a solution to secure apps. This means that when a secure application is on a device and the organization's Microsoft account is added, app protection is applied. This has nothing to do with whether the application comes from the company portal or the public store. Nor does it have anything to do with who owns the files.