Sending Org Data to Other Apps – iOS App Protection

You may have noticed when creating an app protection policy for iOS there are now 5 options when deciding how org data can be shared with other apps. As some of these settings are relatively new I decided to do a post on each setting and what the experience would be like for the end user.

image

All Apps

The first setting is All Apps, now this one has always been there and does not really take much explaining! Essentially when using All Apps you are allowign corporate data to be sent to any app regardless of whether it is managed by policy or not. This is not recommended as you are essentially allowing unmanaged apps to open corporate data.

None

Setting Send org data to None is the most restrictive of the 5 settings. This stops you from sending any corporate data to any app regardless of whether it can be managed by app protection or not.

Policy Managed Apps

Policy Managed apps allows you to send corporate data to any app which is protected by an app protection policy. This means the app must be integrated/wrapped with the Intune SDK and targeted by your APP policy.

image

Policy Managed Apps with OS Sharing

Policy Managed apps with OS Sharing is specifically used for MDM Enrolled devices. It allows you to send corporate data to both Protected Apps and also allow file transfer to apps which are managed by Intune. Managed by Intune essentially means the app was assigned to a device from Intune as required or installed from the company portal as an available app. You can check which apps are managed by Intune on a device by going to Settings > General > Device Management.

  • Click on the Management Profile
  • Click Apps
  • The Intune managed apps should be listed
  • image

    If this setting is targeted to a device which is not MDM enrolled it will be treated as if the “Policy Managed apps” setting was selected.

    Policy Managed Apps with Open-In/Share Filtering

    This setting again allows corporate data to be sent only to apps which are protected by an app protection policy but will also help guide users which apps they can use to open/share corporate files in by restricting the view to only show those policy managed apps.

    Before

    image

    After

    image

    Resources: https://docs.microsoft.com/en-us/intune/app-protection-policy-settings-ios

    Jake Stoker

    Jake Stoker

    Enteprise Mobility + Security SME