Feb 16 2022 09:53 AM
Dear all,
Some of our users are able to uninstall company portal from there enrolled Iphone.
I am searching a way to put these Iphone as no compliance with no access to corporate apps (Outlook etc...)
I heard about Conditional Access but I don't know how
Many thanks for your help
Feb 16 2022 08:38 PM - edited Feb 16 2022 08:39 PM
Hi Samppp,
Compliance policy can mark a device ‘not compliant’ if a restricted app installed (screenshot attached). Also Conditional Access can not mark a device ‘not compliant’ but forces a setting depending on a device state, for example, enable access to Exchange Online for Compliant Devices only.
Are you targeting the policy to Corp or personal devices? Corp MDM devices removes all apps installed if someone removes Comp Portal (screenshot attached) but you need to assign the apps and have intune install them for you in the enrolment process (url below).
Hope this helps!
Moe
https://docs.microsoft.com/en-us/mem/intune/apps/store-apps-ios
Feb 17 2022 11:02 AM
Feb 17 2022 11:08 AM - edited Feb 17 2022 11:10 AM
Hi Samppp,
It doesn’t matter if the users are using personal apple id or business as long as the device MDM corp device. If you push the apps using Intune, if a user tries to remove Comp portal all the apps that assigned get removed with it.
I attached a screenshot earlier.
Moe
Feb 21 2022 03:09 AM
Hi Moe_Kinani
I have tested what you said just before.
I have installed Signal through Company Portal on a enrolled Iphone, then removed Company Portal.
Signal application still there and I can use it.
Any idea about that...?
Is there a way to block access to corporate email (through Outlook) as soon as Company Portal is removed from the Iphone?
Many thanks again.