Based on the security level selected while creating the iOS Intune App Protection Policy, ZENworks predefines a set of settings. You can view or edit these settings by performing the steps in this section. Because this policy does not support creating a Sandbox version, any edit to its settings must be published as a new version of the policy. For more information, see Publishing the App Protection Policy.
In ZENworks Control Center, navigate to the Policies section.
Click the iOS App Protection Policy for which the content needs to be configured.
Click the Details tab and edit the settings.
NOTE: If you selected Define Additional Properties while creating this policy, you are taken directly to the Details tab after you click the Finish button.
You can edit the list of apps that you selected in the policy. You can also click Add to add custom apps to this list.
There are two categories of iOS Intune App Protection Policy settings: Data Relocation settings and App Access settings.
Setting Name | Description |
---|---|
Prevent iTunes and iCloud backups | If you select Yes, app data will not be backed up to iCloud or iTunes. |
Allow app to receive data from other apps | Select one of the following options to specify from which apps data can be received: |
Allow app to transfer data to other apps | Select one of the following options to specify to which apps data can be transferred: |
Prevent "Save As" | If you select Yes, the Save As option on the app will be disabled. |
Select the storage services to which the corporate data can be saved | This field will be enabled if the Prevent “Save As” option is enabled. You can select specific storage services to which the app data can be saved, such as SharePoint, OneDrive or the local storage. Use CTRL + Click to select multiple values in the field. |
Restrict cut, copy, and paste with other apps: | Select any one of the following options to restrict or allow cut, copy, or paste operations: |
Restrict web content to display in the Managed Browser | Select Yes to restrict the opening of web links displayed in the app to the Managed Browser app. |
Encrypt app data | When a PIN is required, the data is encrypted according to the settings in this policy. If a device PIN is not set and these encryption settings are enabled, the user will be prompted to set a PIN. Select one of the following options to decide when the app data should be encrypted: |
Disable contact sync | Select Yes to prevent the app from saving data to the native Contacts app on the device. |
Disable printing | Select Yes to prevent the app from printing protected data. |
Setting Name | Description |
---|---|
Require PIN for access | Select Yes to create a PIN for this app. The user will be prompted to set up a PIN the first time they run the app. The following fields will also be enabled: |
PIN Type | Select the type of PIN to be set, that is, a numeric PIN or a passcode type PIN. |
Number of attempts before PIN reset | Specify the number of times the users can attempt to enter the PIN before they must reset it. You can specify only a positive whole number. |
Allow simple PIN | Select Yes to allow users to specify a simple PIN sequence such as 1111 and 1234. NOTE: If a Passcode type PIN is configured and Allow simple PIN is set to Yes, you need to specify at least 1 letter or at least 1 special character. If a Passcode type PIN is configured and Allow simple PIN is set to No, you need to specify at least 1 number, 1 letter and 1 special character. |
PIN length | Specify the number of digits in the PIN sequence. You can only specify a positive whole number. |
Allow fingerprint instead of PIN | Select Yes to allow the user to use fingerprint identification instead of a PIN to access the app. This is applicable only on iOS 8.0 or newer versions. |
Allow facial recognition instead of PIN | Select Yes to allow the user to use facial recognition instead of a PIN to access the app. This is applicable only on iOS 11.0 or newer versions. |
Disable app PIN when device PIN is managed | Select Yes to disable the app PIN when a device lock is detected on an enrolled device. |
Require corporate credentials for access | Select Yes to require the user to use their corporate credentials instead of entering a PIN for app access. |
Block managed apps from running on jailbroken or rooted devices | Select Yes to prevent this app from running on jailbroken or rooted devices. |
Offline interval before app data is wiped (days) | If a device is running offline, specify the number of days after which the app will require the user to connect to the network and re-authenticate. If the user successfully authenticates, they can continue to access their data and the offline interval will reset. If the user fails to authenticate, the app will perform a selective wipe of the user's account and data. |
Recheck the access requirements after timeout (minutes) | Specify the time (in minutes) after which the access requirements are rechecked. |
Recheck the access requirements after offline grace period (minutes) | Specify the time (in minutes) that the app can run offline, after which the access requirements are rechecked. |
Require minimum iOS operating system | Select Yes if a minimum iOS operating system is required to use the app. The user’s access to the app will be blocked if the minimum OS requirement is not met. You can specify the value in the iOS operating system field. |
Require minimum iOS operating system (Warning only) | Select Yes if a minimum iOS operating system is required to use the app. The user will receive a notification if the minimum OS requirement is not met, which can be dismissed. You can specify the value in the iOS operating system field. |
Require minimum app version | Select Yes if a minimum app version is required to use the app. The user’s access to the app will be blocked if the minimum app version requirement is not met. You can specify the value in the App version field. |
Require minimum app version (Warning only) | Select Yes if a minimum app version is required to use the app. The user will receive a notification if the minimum app version requirement is not met, which can be dismissed. You can specify the value in the app version field. |
Require minimum Intune app protection policy SDK version | Select Yes if a minimum Intune app protection policy SDK version is required to access the app. The user is blocked from access if the app’s Intune app protection policy SDK version does not meet the requirement. |
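
The PIN Type, Allow simple PIN and PIN length rules from the table above can be modelled as a small checker, which is useful for seeing which PINs a given combination of settings would accept. This is an added example, not ZENworks or Intune code. The function names, the `"numeric"`/`"passcode"` labels, the definition of a "simple" sequence (one repeated character or a consecutive run) and the reading of PIN length as a minimum are all assumptions.

```python
import string

def is_simple_sequence(pin):
    """Assumed meaning of 'simple': one repeated character (1111) or a
    consecutive ascending/descending run (1234, 4321)."""
    steps = {ord(b) - ord(a) for a, b in zip(pin, pin[1:])}
    return len(steps) <= 1 and steps <= {0, 1, -1}

def check_pin(pin, pin_type, allow_simple, min_length):
    """Return the list of rule violations; an empty list means accepted.

    pin_type is "numeric" or "passcode" (hypothetical labels for PIN Type).
    min_length models the PIN length field, read here as a minimum.
    """
    problems = []
    if len(pin) < min_length:
        problems.append("too short")
    has_digit = any(c in string.digits for c in pin)
    has_letter = any(c in string.ascii_letters for c in pin)
    has_special = any(c in string.punctuation for c in pin)
    if pin_type == "numeric":
        if not all(c in string.digits for c in pin):
            problems.append("numeric PIN must contain digits only")
        if not allow_simple and is_simple_sequence(pin):
            problems.append("simple sequence not allowed")
    elif pin_type == "passcode":
        if allow_simple:
            # Allow simple PIN = Yes: at least 1 letter OR 1 special character.
            if not (has_letter or has_special):
                problems.append("needs a letter or a special character")
        elif not (has_digit and has_letter and has_special):
            # Allow simple PIN = No: 1 number AND 1 letter AND 1 special.
            problems.append("needs a number, a letter and a special character")
    else:
        raise ValueError(f"unknown PIN type: {pin_type!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample PINs, checked against a 4-character minimum.
    for pin, kind, simple in [("1234", "numeric", False),
                              ("2580", "numeric", False),
                              ("abc1", "passcode", False),
                              ("ab1!", "passcode", False)]:
        print(pin, kind, simple, check_pin(pin, kind, simple, 4) or "accepted")
```
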
Click Publish to display the Publish Option page. On this page, you can publish the modified policy as a new version of the same policy or as a new policy.
Unlike other policies in ZCC, you cannot create a Sandbox version of the iOS Intune App Protection policy. When you edit the settings of the latest version of the policy, you can only publish the policy as a new version. To edit an older version of a policy:
Click Policies in the left-hand pane in ZCC.
Click an iOS App Protection Policy.
From the Displayed Version drop-down menu, select the version of the policy that you want to edit.
Click Publish and publish the policy to its latest version.
Edit the settings of the policy and click Publish to apply the latest changes.
Consider a scenario in which a policy has two published versions (version 0 and version 1) and you select version 0. After selecting version 0, click Publish to publish the policy to its latest version, that is, Version 2. You can now edit the settings of the policy and publish the policy again as Version 3.