Feb 21 2022 06:42 AM
Hi,
We are looking at using Intune to manage mobile devices for a client who uses personal devices for 90% of their users - their users are not directly employed by them. I am working on Intune in a test tenant and have some issues with iOS devices. Our SKU is Microsoft 365 Business Premium and I am using Outlook as an example app.
I have pushed Microsoft Outlook to the device and configured it with the company account and I can do a selective wipe from the dashboard. But the issue is that the end user can remove the MDM profile from the iOS settings app and leave all of the data stored on their device completely unmanaged. The App Protection Policies no longer apply so they don't even get prompted for the PIN defined within that.
I can set the app to be removed when the device is removed from management, but this isn't ideal because the user could be using Outlook (or whatever supported app is in question) for their personal activities.
I know I can use conditional access to require devices to be enrolled but that would only prevent them connecting and downloading new emails, it would do nothing to protect the data that is already synched.
Regards
Feb 21 2022 09:04 AM