Update memdocs/intune/apps/app-protection-policy-settings-ios.md

Co-authored-by: JohanFreelancer9 <[email protected]>

Author: msbemba

memdocs/intune/apps/app-protection-policy-settings-ios.md

@@ -152,7 +152,7 @@ If you don't want to allow the default managed Universal Links, you can delete t
 | <ul><ul>**Face ID instead of PIN for access (iOS 11+)** | Select **Allow** to allow the user to use facial recognition technology to authenticate users on iOS/iPadOS devices. If allowed, Face ID must be used to access the app on a Face ID capable device.    | **Allow**  |
 | <ul>**PIN reset after number of days** | Select **Yes** to require users to change their app PIN after a set period of time, in days.  <br><br>When set to *Yes*, you then configure the number of days before the PIN reset is required. |**No**  |  
 | <ul><ul> **Number of days** | Configure the number of days before the PIN reset is required.  |**90**  |
-| <ul>**App PIN when device PIN is set** | Select **Disable** to disable the app PIN when a device lock is detected on an enrolled device with Company Portal configured.<br><br> **Note:** *Requires app to have Intune SDK version 7.0.1 or above.*  <br><br>On iOS/iPadOS devices, you can let the user prove their identity by using [Touch ID](https://support.apple.com/HT201371) or [Face ID](https://support.apple.com/HT208109) instead of a PIN. Intune uses the [LocalAuthentication](https://developer.apple.com/documentation/localauthentication/) API to authenticate users using Touch ID and Face ID. To learn more about Touch ID and Face ID, see the [iOS Security Guide](https://www.apple.com/business/docs/iOS_Security_Guide.pdf).  <br><br> When the user tries use this app with their work or school account, they're prompted to provide their fingerprint identity or face identity instead of entering a PIN. When this setting is enabled, the App-switcher preview image will be blurred while using a work or school account. Intune implements a behavior where if there is any change to the device's biometric database, Intune prompts the user for a PIN when the next inactivity timeout value is met. Changes to biometric data include the addition or removal of a fingerprint, or face. If the Intune user does not have a PIN set, they are led to set up an Intune PIN.  |  **Enable** |  
+| <ul>**App PIN when device PIN is set** | Select **Disable** to disable the app PIN when a device lock is detected on an enrolled device with Company Portal configured.<br><br> **Note:** *Requires app to have Intune SDK version 7.0.1 or above.*  <br><br>On iOS/iPadOS devices, you can let the user prove their identity by using [Touch ID](https://support.apple.com/HT201371) or [Face ID](https://support.apple.com/HT208109) instead of a PIN. Intune uses the [LocalAuthentication](https://developer.apple.com/documentation/localauthentication/) API to authenticate users using Touch ID and Face ID. To learn more about Touch ID and Face ID, see the [iOS Security Guide](https://www.apple.com/business/docs/iOS_Security_Guide.pdf).  <br><br> When the user tries to use this app with their work or school account, they're prompted to provide their fingerprint identity or face identity instead of entering a PIN. When this setting is enabled, the App-switcher preview image will be blurred while using a work or school account. Intune implements a behavior where if there is any change to the device's biometric database, Intune prompts the user for a PIN when the next inactivity timeout value is met. Changes to biometric data include the addition or removal of a fingerprint or face. If the Intune user does not have a PIN set, they are led to set up an Intune PIN.  |  **Enable** |  
 | **Work or school account credentials for access** | Select **Require** to require the user to sign in with their work or school account instead of entering a PIN for app access. If you set this to **Require**, and PIN or biometric prompts are turned on, both corporate credentials and either the PIN or biometric prompts are shown.  | **Not required** |
 | **Recheck the access requirements after (minutes of inactivity)** | Configure the number of minutes of inactivity that must pass before the app requires the user to again specify the access requirements. <br><br> For example, an admin turns on PIN and Blocks rooted devices in the policy, a user opens an Intune-managed app, must enter a PIN, and must be using the app on a non-rooted device. When using this setting, the user would not have to enter a PIN or undergo another root-detection check on any Intune-managed app for a period of time equal to the configured value.  <br><br>**Note:** *On iOS/iPadOS, the PIN is shared amongst all Intune-managed apps of the **same publisher**. The PIN timer for a specific PIN is reset once the app leaves the foreground on the device. The user wouldn't have to enter a PIN on any Intune-managed app that shares its PIN for the duration of the timeout defined in this setting. This policy setting format supports a positive whole number.*     | **30** |