From d6ec4ec600bf9538c89c73b2d7a8fd5443e05de3 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Sat, 26 Feb 2022 14:47:28 +0530 Subject: [PATCH 1/4] Update end-user-mam-apps-ios.md Added a section for required approved client app --- memdocs/intune/fundamentals/end-user-mam-apps-ios.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/memdocs/intune/fundamentals/end-user-mam-apps-ios.md b/memdocs/intune/fundamentals/end-user-mam-apps-ios.md index fe3c98ae225..415e6deeab1 100644 --- a/memdocs/intune/fundamentals/end-user-mam-apps-ios.md +++ b/memdocs/intune/fundamentals/end-user-mam-apps-ios.md @@ -42,6 +42,14 @@ If the device is **not enrolled in Intune**, the user is asked to restart the ap For devices that are **enrolled for management in Intune**, the user sees a message that their app is now managed. + +### Require approved client app + +Organizations can require that an access attempt to the selected cloud apps needs to be made from an approved client app. These approved client apps support [Intune app protection policies](/intune/app-protection-policy) independent of any mobile-device management (MDM) solution. + +In order to apply this grant control, Conditional Access requires that the device is registered in Azure Active Directory, which requires the use of a broker app. The broker app can be the Microsoft Authenticator for iOS. If a broker app isn’t installed on the device when the user attempts to authenticate, the user gets redirected to the appropriate app store to install the required broker app. + + ## Use apps with multi-identity support Apps that support multi-identity let you use different work and personal accounts to access the same apps. App protection policies, like entering a device PIN, are activated when users access these apps in a work or school context. From 6ee9ce8ebeba63fed0643b40f4fa375f550dac84 Mon Sep 17 00:00:00 2001 
From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Sun, 27 Feb 2022 11:04:02 +0530 Subject: [PATCH 2/4] Update memdocs/intune/fundamentals/end-user-mam-apps-ios.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- memdocs/intune/fundamentals/end-user-mam-apps-ios.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/end-user-mam-apps-ios.md b/memdocs/intune/fundamentals/end-user-mam-apps-ios.md index 415e6deeab1..161ac02caec 100644 --- a/memdocs/intune/fundamentals/end-user-mam-apps-ios.md +++ b/memdocs/intune/fundamentals/end-user-mam-apps-ios.md @@ -43,7 +43,7 @@ If the device is **not enrolled in Intune**, the user is asked to restart the ap For devices that are **enrolled for management in Intune**, the user sees a message that their app is now managed. -### Require approved client app +### Approved client app requirement Organizations can require that an access attempt to the selected cloud apps needs to be made from an approved client app. These approved client apps support [Intune app protection policies](/intune/app-protection-policy) independent of any mobile-device management (MDM) solution. From 66f4e1ca91c8218d0bab926e98d8df2043e7c5ea Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Sun, 27 Feb 2022 11:04:09 +0530 Subject: [PATCH 3/4] Update memdocs/intune/fundamentals/end-user-mam-apps-ios.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- memdocs/intune/fundamentals/end-user-mam-apps-ios.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/end-user-mam-apps-ios.md b/memdocs/intune/fundamentals/end-user-mam-apps-ios.md index 161ac02caec..50927fcb8ab 100644 --- a/memdocs/intune/fundamentals/end-user-mam-apps-ios.md +++ b/memdocs/intune/fundamentals/end-user-mam-apps-ios.md 
@@ -45,7 +45,7 @@ For devices that are **enrolled for management in Intune**, the user sees a mess ### Approved client app requirement -Organizations can require that an access attempt to the selected cloud apps needs to be made from an approved client app. These approved client apps support [Intune app protection policies](/intune/app-protection-policy) independent of any mobile-device management (MDM) solution. +Organizations might require that an access attempt to the selected cloud apps needs to be made from an approved client app. These approved client apps support [Intune app protection policies](/intune/app-protection-policy) independent of any mobile device management (MDM) solution. In order to apply this grant control, Conditional Access requires that the device is registered in Azure Active Directory, which requires the use of a broker app. The broker app can be the Microsoft Authenticator for iOS. If a broker app isn’t installed on the device when the user attempts to authenticate, the user gets redirected to the appropriate app store to install the required broker app. From 151457af66a1b1177cf65fbaf2965fa828c099df Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Sun, 27 Feb 2022 11:04:15 +0530 Subject: [PATCH 4/4] Update memdocs/intune/fundamentals/end-user-mam-apps-ios.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- memdocs/intune/fundamentals/end-user-mam-apps-ios.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/end-user-mam-apps-ios.md b/memdocs/intune/fundamentals/end-user-mam-apps-ios.md index 50927fcb8ab..252d2e0986d 100644 --- a/memdocs/intune/fundamentals/end-user-mam-apps-ios.md +++ b/memdocs/intune/fundamentals/end-user-mam-apps-ios.md 
@@ -47,7 +47,7 @@ For devices that are **enrolled for management in Intune**, the user sees a mess Organizations might require that an access attempt to the selected cloud apps needs to be made from an approved client app. These approved client apps support [Intune app protection policies](/intune/app-protection-policy) independent of any mobile device management (MDM) solution. -In order to apply this grant control, Conditional Access requires that the device is registered in Azure Active Directory, which requires the use of a broker app. The broker app can be the Microsoft Authenticator for iOS. If a broker app isn’t installed on the device when the user attempts to authenticate, the user gets redirected to the appropriate app store to install the required broker app. +In order to apply this grant control, Conditional Access requires that the device is registered in Azure Active Directory, which requires the use of a broker app. The broker app could be the Microsoft Authenticator for iOS. If a broker app isn’t installed on the device when the user attempts to authenticate, the user gets redirected to the appropriate app store to install the required broker app. ## Use apps with multi-identity support
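Review bot: In [PATCH 1/4], the second added paragraph opens with "In order to apply this grant control", but nothing before it says that the section describes a Conditional Access grant control, so "this" has no antecedent. Name the control in the first paragraph (for example, "the **Require approved client app** grant control in Conditional Access"). Since this is an end-user article for iOS, it would also help to state what the user sees when access is attempted from an app that is not approved. The link target `/intune/app-protection-policy` is worth checking against the repository's link conventions, given that the file itself lives under memdocs/intune/fundamentals.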
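Review bot: In [PATCH 2/4], the new heading "Approved client app requirement" no longer matches the name of the Conditional Access grant control, "Require approved client app", which was the heading being replaced and is the string an administrator would search for. If the noun-phrase heading is kept for style, put the control's exact name in the body text so the section still ties back to the setting it describes.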
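Review bot: In [PATCH 3/4], the reworded sentence still doubles the obligation ("might require that an access attempt ... needs to be made"), and "the selected cloud apps" refers to a selection the article never describes. Suggest something like "Organizations might require that access to certain cloud apps be made from an approved client app". Also consider whether "might" reads as uncertainty about how the control behaves rather than about whether the organization has enabled it.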
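Review bot: In [PATCH 4/4], changing "can be" to "could be" in "The broker app could be the Microsoft Authenticator for iOS" leaves the reader unsure which broker app actually satisfies device registration on iOS, which is the one thing this iOS-specific article should state plainly. If Microsoft Authenticator is the broker for iOS, say "is"; if others are accepted, list them. The same paragraph says the user is redirected to "the appropriate app store", which in an iOS-only file can simply be the App Store.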