You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Acrolinx Correctness changes
Line 50: Intune private data type are --> Intune private data type is
Line 79: how web content (http/https links) are opened --> how web content (http/https links) is opened
Copy file name to clipboardExpand all lines: memdocs/intune/apps/app-protection-policy-settings-ios.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -47,7 +47,7 @@ There are three categories of policy settings: *Data relocation*, *Access requir
47
47
| Setting | How to use | Default value |
48
48
|------|----------|-------|
49
49
|**Backup Org data to iTunes and iCloud backups**| Select **Block** to prevent this app from backing up work or school data to iTunes and iCloud. Select **Allow** to allow this app to back up of work or school data to iTunes and iCloud. |**Allow**|
50
-
| **Send Org data to other apps** | Specify what apps can receive data from this app: <ul><li>**All apps**: Allow transfer to any app. The receiving app will have the ability to read and edit the data.</li><li>**None**: Do not allow data transfer to any app, including other policy-managed apps. If the user performs a managed open-in function and transfers a document, the data will be encrypted and unreadable.</li><li> **Policy managed apps**: Allow transfer only to other policy-managed apps. <p><p>**Note:** _Users may be able to transfer content via Open-in or Share extensions to unmanaged apps on unenrolled devices or enrolled devices that allow sharing to unmanaged apps. Transferred data is encrypted by Intune and unreadable by unmanaged apps._</li><li> **Policy managed apps with OS sharing**: Only allow data transfer to other policy managed apps, as well as file transfers to other MDM managed apps on enrolled devices. <p><p>**Note:** _The **Policy managed apps with OS sharing** value is applicable to MDM enrolled devices only. If this setting is targeted to a user on an unenrolled device, the behavior of the **Policy managed apps** value applies. Users will be able to transfer unencrypted content via Open-in or Share extensions to any application allowed by the iOS MDM allowOpenFromManagedtoUnmanaged setting, assuming the sending app has the IntuneMAMUPN and IntuneMAMOID configured; for more information, see [How to manage data transfer between iOS apps in Microsoft Intune](data-transfer-between-apps-manage-ios.md). See https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf for more information on this iOS/iPadOS MDM setting._<p><p></li><li>**Policy managed apps with Open-In/Share filtering**: Allow transfer only to other policy managed apps, and filter OS Open-in/Share dialogs to only display policy managed apps. To configure the filtering of the **Open-In/Share** dialog, it requires both the app(s) acting as the file/document source and the app(s) that can open this file/document to have the Intune SDK for iOS version 8.1.1 or above. <p><p>**Note:** _Users may be able to transfer content via Open-in or Share extensions to unmanaged apps if Intune private data type are supported by the app. Transferred data is encrypted by Intune and unreadable by unmanaged apps._</li></ul><br>In addition, when set to **Policy managed apps** or **None**, the Spotlight search (enables searching data within apps) and Siri shortcuts iOS features are blocked. <p><p>This policy can also apply to iOS/iPadOS Universal Links. General web links are managed by the **Open app links in Intune Managed Browser** policy setting. <p> There are some exempt apps and services to which Intune may allow data transfer by default. In addition, you can create your own exemptions if you need to allow data to transfer to an app that doesn't support Intune APP. See [data transfer exemptions](#data-transfer-exemptions) for more information. | **All apps** |
50
+
| **Send Org data to other apps** | Specify what apps can receive data from this app: <ul><li>**All apps**: Allow transfer to any app. The receiving app will have the ability to read and edit the data.</li><li>**None**: Do not allow data transfer to any app, including other policy-managed apps. If the user performs a managed open-in function and transfers a document, the data will be encrypted and unreadable.</li><li> **Policy managed apps**: Allow transfer only to other policy-managed apps. <p><p>**Note:** _Users may be able to transfer content via Open-in or Share extensions to unmanaged apps on unenrolled devices or enrolled devices that allow sharing to unmanaged apps. Transferred data is encrypted by Intune and unreadable by unmanaged apps._</li><li> **Policy managed apps with OS sharing**: Only allow data transfer to other policy managed apps, as well as file transfers to other MDM managed apps on enrolled devices. <p><p>**Note:** _The **Policy managed apps with OS sharing** value is applicable to MDM enrolled devices only. If this setting is targeted to a user on an unenrolled device, the behavior of the **Policy managed apps** value applies. Users will be able to transfer unencrypted content via Open-in or Share extensions to any application allowed by the iOS MDM allowOpenFromManagedtoUnmanaged setting, assuming the sending app has the IntuneMAMUPN and IntuneMAMOID configured; for more information, see [How to manage data transfer between iOS apps in Microsoft Intune](data-transfer-between-apps-manage-ios.md). See https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf for more information on this iOS/iPadOS MDM setting._<p><p></li><li>**Policy managed apps with Open-In/Share filtering**: Allow transfer only to other policy managed apps, and filter OS Open-in/Share dialogs to only display policy managed apps. To configure the filtering of the **Open-In/Share** dialog, it requires both the app(s) acting as the file/document source and the app(s) that can open this file/document to have the Intune SDK for iOS version 8.1.1 or above. <p><p>**Note:** _Users may be able to transfer content via Open-in or Share extensions to unmanaged apps if Intune private data type is supported by the app. Transferred data is encrypted by Intune and unreadable by unmanaged apps._</li></ul><br>In addition, when set to **Policy managed apps** or **None**, the Spotlight search (enables searching data within apps) and Siri shortcuts iOS features are blocked. <p><p>This policy can also apply to iOS/iPadOS Universal Links. General web links are managed by the **Open app links in Intune Managed Browser** policy setting. <p> There are some exempt apps and services to which Intune may allow data transfer by default. In addition, you can create your own exemptions if you need to allow data to transfer to an app that doesn't support Intune APP. See [data transfer exemptions](#data-transfer-exemptions) for more information. | **All apps** |
51
51
| <ul>**Select apps to exempt**| This option is available when you select *Policy managed apps* for the previous option. ||
52
52
| <ul>**Select universal links to exempt**| Specify which iOS/iPadOS [Universal Links](#universal-links) should open in the specified *unmanaged* application instead of the protected browser specified by the **Restrict web content transfer with other apps** setting. You must contact the application developer to determine the correct universal link format for each application. ||
53
53
| <ul>**Select managed universal links**| Specify which iOS/iPadOS [Universal Links](#universal-links) should open in the specified *managed* application instead of the protected browser specified by the **Restrict web content transfer with other apps** setting. You must contact the application developer to determine the correct universal link format for each application. ||
@@ -76,7 +76,7 @@ There are three categories of policy settings: *Data relocation*, *Access requir
76
76
|------|----------|-------|
77
77
|**Sync policy managed app data with native apps**| Choose **Block** to prevent the policy managed apps from saving data to the native Contacts app on the device. If you choose **Allow**, the app can save data to the native Contacts app on the device, when those features are enabled within the policy managed app. <br><br>When you perform a selective wipe to remove work, or school data from the app, contacts data synced directly from the app to the native Contacts app are removed. Any contacts data synced from the native Contacts app to another external source can't be wiped. Currently, this applies only to Outlook for iOS app; for more information, see [Deploying Outlook for iOS and Android app configuration settings](/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune). |**Allow**|
78
78
|**Printing Org data**| Select **Block** to prevent the app from printing work or school data. If you leave this setting to **Allow**, the default value, users will be able to export and print all Org data. |**Allow**|
79
-
| **Restrict web content transfer with other apps** | Specify how web content (http/https links) are opened from policy-managed applications. Choose from: <ul><li>**Any app**: Allow web links in any app.</li><li>**Intune Managed Browser**: Allow web content to open only in the Intune Managed Browser. This browser is a policy-managed browser.</li><li>**Microsoft Edge**: Allow web content to open only in the Microsoft Edge. This browser is a policy-managed browser.</li><li>**Unmanaged browser**: Allow web content to open only in the unmanaged browser defined by **Unmanaged browser protocol** setting. The web content will be unmanaged in the target browser.<br>**Note**: Requires app to have Intune SDK version 11.0.9 or later.</li></ul> If you're using Intune to manage your devices, see [Manage Internet access using managed browser policies with Microsoft Intune](manage-microsoft-edge.md).<br><br>If a policy-managed browser is required but not installed, your end users will be prompted to install the Microsoft Edge.<p>If a policy-managed browser is required, iOS/iPadOS Universal Links are managed by the **Allow app to transfer data to other apps** policy setting. <p>**Intune device enrollment**<br>If you are using Intune to manage your devices, see Manage Internet access using managed browser policies with Microsoft Intune. <p>**Policy-managed Microsoft Edge**<br>The Microsoft Edge browser for mobile devices (iOS/iPadOS and Android) supports Intune app protection policies. Users who sign in with their corporate Azure AD accounts in the Microsoft Edge browser application will be protected by Intune. The Microsoft Edge browser integrates the Intune SDK and supports all of its data protection policies, with the exception of preventing:<br><ul><li>**Save-as**: The Microsoft Edge browser does not allow a user to add direct, in-app connections to cloud storage providers (such as OneDrive).</li><li>**Contact sync**: The Microsoft Edge browser does not save to native contact lists.</li></ul><br>**Note**: *The Intune SDK cannot determine if a target app is a browser. On iOS/iPadOS devices, no other managed browser apps are allowed.* | **Not configured** |
79
+
| **Restrict web content transfer with other apps** | Specify how web content (http/https links) is opened from policy-managed applications. Choose from: <ul><li>**Any app**: Allow web links in any app.</li><li>**Intune Managed Browser**: Allow web content to open only in the Intune Managed Browser. This browser is a policy-managed browser.</li><li>**Microsoft Edge**: Allow web content to open only in the Microsoft Edge. This browser is a policy-managed browser.</li><li>**Unmanaged browser**: Allow web content to open only in the unmanaged browser defined by **Unmanaged browser protocol** setting. The web content will be unmanaged in the target browser.<br>**Note**: Requires app to have Intune SDK version 11.0.9 or later.</li></ul> If you're using Intune to manage your devices, see [Manage Internet access using managed browser policies with Microsoft Intune](manage-microsoft-edge.md).<br><br>If a policy-managed browser is required but not installed, your end users will be prompted to install the Microsoft Edge.<p>If a policy-managed browser is required, iOS/iPadOS Universal Links are managed by the **Allow app to transfer data to other apps** policy setting. <p>**Intune device enrollment**<br>If you are using Intune to manage your devices, see Manage Internet access using managed browser policies with Microsoft Intune. <p>**Policy-managed Microsoft Edge**<br>The Microsoft Edge browser for mobile devices (iOS/iPadOS and Android) supports Intune app protection policies. Users who sign in with their corporate Azure AD accounts in the Microsoft Edge browser application will be protected by Intune. The Microsoft Edge browser integrates the Intune SDK and supports all of its data protection policies, with the exception of preventing:<br><ul><li>**Save-as**: The Microsoft Edge browser does not allow a user to add direct, in-app connections to cloud storage providers (such as OneDrive).</li><li>**Contact sync**: The Microsoft Edge browser does not save to native contact lists.</li></ul><br>**Note**: *The Intune SDK cannot determine if a target app is a browser. On iOS/iPadOS devices, no other managed browser apps are allowed.* | **Not configured** |
80
80
|<ul>**Unmanaged Browser Protocol**| Enter the protocol for a *single* unmanaged browser. Web content (http/https links) from policy managed applications will open in any app that supports this protocol. The web content will be unmanaged in the target browser. <br><br>This feature should only be used if you want to share protected content with a specific browser that is not enabled using Intune app protection policies. You must contact your browser vendor to determine the protocol supported by your desired browser.<br><br>**Note**: *Include only the protocol prefix. If your browser requires links of the form `mybrowser://www.microsoft.com`, enter `mybrowser`.*<br>Links will be translated as:<br><ul><li>`http://www.microsoft.com` > `mybrowser://www.microsoft.com`</li><li>`https://www.microsoft.com` > `mybrowsers://www.microsoft.com`</li></ul> |**Blank**|
81
81
|**Org data notifications**| Specify how Org data is shared via OS notifications for Org accounts. This policy setting will impact the local device and any connected devices such as wearables and smart speakers. Apps may provide additional controls to customize notification behavior or may choose to not honor all values. Select from: <ul><li>**Blocked**: Do not share notifications.</li><ul><li>If not supported by the application, notifications will be allowed.</li></ul><li>**Block org Data**: Do not share Org data in notifications, for example.</li><UL><li>"You have new mail"; "You have a meeting".</li><li>If not supported by the application, notifications will be blocked.</li></ul><li>**Allow**: Shares Org data in the notifications.</li></ul> <p>**Note**: *This setting requires app support: <ul><li>Outlook for iOS 4.34.0 or later</li><li>Teams for iOS 2.0.22 or later.*</ul> |**Allow**|
0 commit comments