Hey sysadmins! So here's the situation: I've recently set up App Protection policies through Intune for my organization. These policies are meant to cover all devices, both managed and unmanaged, with the goal of allowing corporate data to be saved only to OneDrive for Business and SharePoint. We've also enabled sensitivity labels across the organization, and our Conditional Access policies require these App Protection policies for all apps on iOS and Android. I double-checked that my test account with E3 and the E5 security add-on has both the CA and App Protection policies applied. I went ahead and configured MFA and downloaded Teams, Outlook, and OneDrive on a test iPhone. The issue is that I can still save corporate data from Microsoft apps (like Outlook attachments or OneDrive files) to local storage and even to a third-party app (MegaNZ), despite the files being labeled as "confidential". Am I missing something, or do these App Protection policies seem ineffective?
3 Answers
It sounds like something might not be set up right. Could you share screenshots of your CA and MAM configuration? Also, make sure your scoping is on point—it's the basics! Check if the device is appearing in your App Protection logs and if the CA policy is showing up in the sign-in logs.
If you’re on a MAM-enabled device, try opening Edge and navigating to 'about:intunehelp'. Click on 'View App Info' to see the policies active on your device. That should help with troubleshooting!
Just to clarify, you targeted a user group with the policy and not a device group, right?
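
Added example, not part of the thread or of any poster's reply: a Python audit of an app protection policy exported as JSON, checking the save, transfer and scoping settings the question and answers discuss. It assumes the JSON uses Microsoft Graph's `iosManagedAppProtection` property names with assignments expanded; the sample policy, `audit_policy` and `hardened` are constructed for illustration.

```python
import json

# Constructed sample in the shape Microsoft Graph returns for an
# iosManagedAppProtection policy (assignments expanded). Values are invented.
SAMPLE_POLICY = json.loads("""
{
  "displayName": "iOS MAM - constructed sample",
  "saveAsBlocked": false,
  "allowedDataStorageLocations": ["oneDriveForBusiness", "sharePoint", "localStorage"],
  "allowedOutboundDataTransferDestinations": "allApps",
  "isAssigned": false, "assignments": []
}
""")

# Storage targets the question wants to allow; anything else is a finding.
APPROVED_STORAGE = {"oneDriveForBusiness", "sharePoint"}


def audit_policy(policy, approved_storage=APPROVED_STORAGE):
    """Return findings that explain why data could still leave managed apps."""
    findings = []
    # In the Intune portal the allowed-services list is only offered once
    # "Save copies of org data" is set to Block, so check the block first.
    if not policy.get("saveAsBlocked", False):
        findings.append("saveAsBlocked is false: Save As is unrestricted")
    extra = set(policy.get("allowedDataStorageLocations", [])) - approved_storage
    if extra:
        findings.append("unapproved storage locations: " + ", ".join(sorted(extra)))
    # "Send org data to other apps": allApps permits Open In / Share to any app.
    if policy.get("allowedOutboundDataTransferDestinations") == "allApps":
        findings.append("outbound transfer is allApps: sharing to unmanaged apps is allowed")
    # Scoping: a policy with no assignment never reaches the user.
    if not policy.get("isAssigned", False) or not policy.get("assignments"):
        findings.append("policy has no assignments: it is not delivered to any user")
    return findings


def hardened(policy):
    """Copy with the question's storage goal; managedApps transfer is an assumption."""
    fixed = dict(policy)
    fixed.update(saveAsBlocked=True,
                 allowedDataStorageLocations=sorted(APPROVED_STORAGE),
                 allowedOutboundDataTransferDestinations="managedApps")
    return fixed


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print("FINDING:", finding)
```

The assignment check only confirms that a target exists; whether the targeted group contains users rather than devices still has to be confirmed in the directory.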
