iOS
284 TopicsNew block screen capture for iOS/iPadOS MAM protected apps
Following the announcement of Microsoft Intune support for Apple Intelligence, we recently introduced support to block screen capture for mobile application management (MAM) protected apps. This blog provides details of the default screen capture behavior to help you understand how it affects your users and the settings available to change the default behaviour. Background Previously, for iOS/iPadOS, there were no controls to limit screen captures per application, per user or without device enrollment. this resulted in a gap for organizations with only MAM protection. As part of our secure-by-default commitment, the new default behavior for your MAM-protected app may have changed. Now, based on your Intune app protection policy settings, when a user attempts to screen capture or share the screen from a managed account within a MAM-protected app, a blank screen will be captured instead of the actual screen image. How the MAM block screen capture works In Intune, the screen capture is controlled using the existing Send Org data to other apps setting within the Data Protection section of the iOS app protection policy (APP) and is blocked if both the following conditions are met: The app (Microsoft apps, third-party apps, or your line-of-business (LOB) app) is updated to use Intune App SDK v19.7.6 or later for Xcode 15 and v20.2.1 or later for Xcode 16. The app is targeted by APP and the setting Send Org data to other apps is set to “None” or any of the “Policy managed apps...” values. If Send Org data to other apps is configured to “All Apps”, the screen capture for your MAM protected apps isn’t blocked. Changing the default MAM screen capture block For some scenarios, you may wish to allow screen capture while retaining the existing APP configuration, such as allowing screen capture and sharing to policy managed apps. Therefore, we introduced a Managed app configuration key com.microsoft.intune.mam.screencapturecontrol = Disabled” to override the default behavior. To allow screen capture on iOS devices targeted with an app protection policy, follow these steps: Navigate to the Microsoft Intune admin center. Select Apps > App configuration policies > Create > Managed apps. On the Basics page, select the apps you wish to target. For this example we’ve selected Outlook (iOS/iPadOS), Teams (iOS/iPadOS) and an LOB app. On the Settings page, within the "General configuration settings” section, add the key "com.microsoft.intune.mam.screencapturecontrol" with the value "Disabled". Assign the configuration policy to the users who you want to target with the override setting. For more details, refer to Add an app configuration policy for managed apps on iOS/iPadOS and Android devices. Conclusion To keep your organizations secure, based on your policy, all screen capture attempts are blocked for MAM protected apps. The managed app configuration settings detailed in this blog allows you to override the default settings to meet any specific requirements within your organization. Stay tuned to What's new in Microsoft Intune for future improvements to the blocking screen capture capabilities and more Apple Intelligence features. Let us know if you have any questions by leaving a comment on this post or reaching out on X @IntuneSuppTeam.10KViews2likes15CommentsMake Required applications visible in Intune Company Portal on iOS
Hi everyone, I'm new to Intune and have a question. Is it possible to make required applications visible in the Intune Company Portal on iOS (supervised devices)? Currently, only "available" apps are shown. This would be really helpful because if a user deletes a required app, the automatic re-installation can sometimes take a long time. Thanks!31Views0likes2CommentsiOS 18.2 Configuration - App Store (settings) disappears in iOS settings
Hello, in our compandy we deploy our iOS devices using a device restrictions configuration in Intune. We have app store blocked, but until iOS 18.2 , the option of the settings for the app store was still available in the iOS settings. Now the app store disappers (on a private iPhone the app store moved under Apps). Unfortunately we need this option to configure the automatic downloads option via mobile network (and not asked for Apps over 200MB). Are there changes we can make that block the app store, yet still allow automatic updates over cellular data for managed apps? Thank you.14Views0likes0CommentsEdit Existing Group Me Polls without Losing Responses
Description: Currently, once a poll is created in GroupMe, it cannot be edited. This can be problematic if the poll creator makes a mistake, such as a typo, missing option, or unclear wording. Additionally, there may be instances where the creator wants to adjust the poll to guide responses in a certain direction without resetting the vote count. Proposed Solution: Enable poll creators to make minor edits to existing polls while preserving responses. This could include: • Editing the poll question • Adding or modifying response options • Adjusting the poll duration To maintain fairness, GroupMe could notify participants when changes are made and provide an option to re-cast votes if necessary. Benefits: • Fixing Mistakes: If the creator accidentally includes a typo or omits an important option, they can correct it without restarting the poll. • Clarifying Questions: A vague or misleading poll question can be refined to ensure participants fully understand it. • Guiding Responses: In some cases, the creator may want to subtly steer the poll in a particular direction without losing previous engagement. This feature would improve usability and flexibility while keeping GroupMe polls engaging and relevant.11Views0likes0CommentsRequired and Available Apps visibility in ICP
Hi everyone, I'm new to Intune and have a question. Is it possible to make required applications visible in the Intune Company Portal on iOS (supervised devices)? Currently, only "available" apps are shown. This would be really helpful because if a user deletes a required app, the automatic re-installation can sometimes take a long time. Thanks!8Views0likes0CommentsUser able to send mail with account locked
Hello and Happy New Year! I tried to go through the official M365 support channels on this issue, but they were unable to help me. Environment: Local Active Directory synced to Azure/M365 via Azure AD Connect All user mailboxes reside on Exchange Online We found out, via a external security audit, that we had an user account, which was both locked and had an expired password, that was still able to send email out via the iOS Outlook app. We were under the impression that if an account was locked that they could still receive email, but not send. The account was for an employee that is no longer active and thus has been archived and deleted. We are just hoping for an explanation/root cause of this and how we can hopefully prevent it from happening in the future. Thank you, Tony Martinac AMIC49Views0likes1CommentiOS Intune Keychain
Hi, I have an iOS app that is distributed through Intune MDM. The app performs Microsoft login in a WebView, where the user certificate installed on the device (in the Keychain) is required. When I try to retrieve the certificate in code, I cannot access it because, by default, Apple does not allow third-party apps to retrieve certificates. What can I do? Is there a specific configuration to set up in Intune? Do I need to use the Intune SDK? Thank you.30Views0likes0CommentsMaui.NET and XCode validation
My application is developed on a Windows PC using Visual Studio 2022 (ver. 17.12.1) and .NET MAUI framework (ver. 9). After a successful build and testing using a virtual iPhone interface, Visual Studio connects remotely to the MacBook (Mac OS 15.1) sending the necessary project files to Xcode 16.1 targeting iOS version 18. The files are sent to Xcode successfully. However, Xcode validation fails with 4 errors. No matter what I change, the same errors persist. These validation errors are preventing me from deploying the code to TestFlight. Apple support refuses to help stating it is a problem with Visual Studio compilation of the package for Xcode. While I am not 100% confident, I suspect that the entries in the plist.info file contained within the project do not agree with where the files are physically located (even though they appear correct. However, I cannot see the key values in the plist file in the Xcode IPA package. I also notice that Maui opted to create entries in the plist.info file for “Assets.xcassets/AppIcon.appiconset”, but according to apple this is not how it should be done anymore. Could anyone provide the specific changes in detail that need to happen to this project to have a successful XCode validation? I have been at this for two weeks with no solution in site. Below is a link to the referenced resources. Screenshots and Error documents Your help is greatly appreciated73Views0likes0Comments