Merge pull request #2481 from msbemba/patch-4

tiburd · web-flow · commit d342a0e82e93 · 2022-05-24T07:31:37.000-07:00
Update app-protection-policy-settings-ios.md
diff --git a/memdocs/intune/apps/app-protection-policy-settings-ios.md b/memdocs/intune/apps/app-protection-policy-settings-ios.md
@@ -8,7 +8,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 05/04/2022
+ms.date: 05/23/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: apps
@@ -155,7 +155,7 @@ If you don't want to allow the default managed Universal Links, you can delete t
 | <ul><ul>**Face ID instead of PIN for access (iOS 11+)** | Select **Allow** to allow the user to use facial recognition technology to authenticate users on iOS/iPadOS devices. If allowed, Face ID must be used to access the app on a Face ID capable device.    | **Allow**  |
 | <ul>**PIN reset after number of days** | Select **Yes** to require users to change their app PIN after a set period of time, in days.  <br><br>When set to *Yes*, you then configure the number of days before the PIN reset is required. |**No**  |  
 | <ul><ul> **Number of days** | Configure the number of days before the PIN reset is required.  |**90**  |
-| <ul>**App PIN when device PIN is set** | Select **Disable** to disable the app PIN when a device lock is detected on an enrolled device with Company Portal configured.<br><br> **Note:** *Requires app to have Intune SDK version 7.0.1 or above.*  <br><br>On iOS/iPadOS devices, you can let the user prove their identity by using [Touch ID](https://support.apple.com/HT201371) or [Face ID](https://support.apple.com/HT208109) instead of a PIN. Intune uses the [LocalAuthentication](https://developer.apple.com/documentation/localauthentication/) API to authenticate users using Touch ID and Face ID. To learn more about Touch ID and Face ID, see the [iOS Security Guide](https://www.apple.com/business/docs/iOS_Security_Guide.pdf).  <br><br> When the user tries use this app with their work or school account, they're prompted to provide their fingerprint identity or face identity instead of entering a PIN. When this setting is enabled, the App-switcher preview image will be blurred while using a work or school account.  |  **Enable** |  
+| <ul>**App PIN when device PIN is set** | Select **Disable** to disable the app PIN when a device lock is detected on an enrolled device with Company Portal configured.<br><br> **Note:** *Requires app to have Intune SDK version 7.0.1 or above.*  <br><br>On iOS/iPadOS devices, you can let the user prove their identity by using [Touch ID](https://support.apple.com/HT201371) or [Face ID](https://support.apple.com/HT208109) instead of a PIN. Intune uses the [LocalAuthentication](https://developer.apple.com/documentation/localauthentication/) API to authenticate users using Touch ID and Face ID. To learn more about Touch ID and Face ID, see the [iOS Security Guide](https://www.apple.com/business/docs/iOS_Security_Guide.pdf).  <br><br> When the user tries to use this app with their work or school account, they're prompted to provide their fingerprint identity or face identity instead of entering a PIN. When this setting is enabled, the App-switcher preview image will be blurred while using a work or school account. If there is any change to the device's biometric database, Intune prompts the user for a PIN when the next inactivity timeout value is met. Changes to biometric data include the addition or removal of a fingerprint or face for authentication. If the Intune user does not have a PIN set, they are led to set up an Intune PIN.  |  **Enable** |  
 | **Work or school account credentials for access** | Select **Require** to require the user to sign in with their work or school account instead of entering a PIN for app access. If you set this to **Require**, and PIN or biometric prompts are turned on, both corporate credentials and either the PIN or biometric prompts are shown.  | **Not required** |
 | **Recheck the access requirements after (minutes of inactivity)** | Configure the number of minutes of inactivity that must pass before the app requires the user to again specify the access requirements. <br><br> For example, an admin turns on PIN and Blocks rooted devices in the policy, a user opens an Intune-managed app, must enter a PIN, and must be using the app on a non-rooted device. When using this setting, the user would not have to enter a PIN or undergo another root-detection check on any Intune-managed app for a period of time equal to the configured value.  <br><br>**Note:** *On iOS/iPadOS, the PIN is shared amongst all Intune-managed apps of the **same publisher**. The PIN timer for a specific PIN is reset once the app leaves the foreground on the device. The user wouldn't have to enter a PIN on any Intune-managed app that shares its PIN for the duration of the timeout defined in this setting. This policy setting format supports a positive whole number.*     | **30** |
 
