App Protection Policies do not apply to managed iOS devices in Microsoft Intune


#1

Issue:

When applying a specific App Protection Policy to only “Apps on Intune managed devices”, the policy is not applied.

The devices are managed and compliant under Intune.

Intune > Client apps > App protection status

The App Protection Report lists all managed iOS devices as unmanaged. The issue lies in the way APP detects and reports on devices, and it is therefore unable to assign the appropriate policy to the device.

App Reporting for an individual user shows “Not checked in. On next sync, this app will receive one or more of policies: <policy name> based on the management level” indicating the policy is targeting the correct management type and relates to the reported device state.

This issue has been identified on at least 2 production and 1 test environment. Microsoft support has now also acknowledged the issue and is looking into a fix.

Workaround:

Change the policy target to one of the following:

  • Target to all application types = Yes
  • Apps on unmanaged devices

For now you will have to manage all iOS devices with the same policy.