During the last update of Intune on Azure service last weekend, some really nice Application Protection Policies were added for Android and iOS. One new feature is that you can control if a PIN needs to be set for a Managed App or not when a device PIN is already being managed by Microsoft Intune. This allows you to use the App Protection Policy for both MAM without enrollment as MAM on managed devices scenarios.
Note; Currently on iOS Intune can only detect if a device is managed by a third party EMM solution. For Android devices this setting works also if a device is managed via Microsoft Intune.
Also you are now able to check if the app or platform comply to the following;
- Require minimum iOS/Android operating system
- Require minimum iOS/Android operating system (Warning only)
- Require minimum app version
- Require minimum app version (Warning only)
- Require minimum Intune app protection policy SDK version (iOS Only)
The app version can for instance be a specific version of Outlook where you have certain security features available, this way you can force the user to update the Outlook app.
Another really cool addition is the fact that you can now restrict where a user is able to save a document when you allow Save As, you can restrict it to OneDrive for Business, SharePoint and/or local storage.
Already looking forward to the next update, are you also? 😉