Thank you for this article. App protection for MS Teams works as you have documented it.
In a Conditional Access policy for MS Teams mobile app for personal iOS devices where I grant access to MS Teams for personal Android and iOS mobile devices where device compliance is required or app protection policy is required, personal Android devices registered with Intune MAM were able to access MS Teams app fine; however, personal iOS devices registered with Intune MAM were prompted to fully enroll their devices if users try to install the MS Teams mobile app.
For a personal iOS device that is fully enrolled in Intune, MS Teams app installed just fine.
Do personal iOS devices with MS Authenticator as the broker app for Intune MAM need to fully enroll their devices just to access MS Teams mobile app?
Other Office 365 mobile apps install fine with personal iOS devices registered with MS Authenticator without prompting the users to fully enroll the personal iOS devices.