Issue:
When applying a specific App Protection Policy to only “Apps on Intune managed devices” the policy is not applied.
The devices are managed and compliant under Intune.
Intune > Client apps > App protection status
App Protection Report list all managed iOS devices as unmanaged, the issue lies in the way APP detects and reports on devices and therefore is unable to assign the appropriate policy to the device.
App Reporting for an individual user shows “Not checked in. On next sync, this app will receive one or more of policies: <policy name> based on the management level” indicating the policy is targeting the correct management type and relates to the reported device state.
This issue has been identified on at least 2 production and 1 test environment, Microsoft support has now also acknowledged the issue and is looking into a fix.
Workaround:
Change the policy target to one of the following
- Target to all application types = Yes
- Apps on unmanaged devices
For now you will have to manage all iOS devices with the same policy.