The wide range of parameters available while designing device restriction policies allows one to customize protection to their individual needs. It is required to see the security configuration framework guidance for iOS device limitation policies for more information on how to implement certain security configuration scenarios. Each level of the security configuration framework builds on the preceding level, guiding individually owned and supervised devices.

 

Settings apply to all enrollment types

All enrollment kinds are affected by the App Store, Doc Viewing, and Gaming settings.

Unmanaged programs will be unable to read business documents. Intune does not change or update this setting when set to ‘Not configured (default). The OS may allow corporate documents to be seen in any program by default.

If one wants to block users from saving files to Dropbox using the OneDrive app, the option should be set to ‘Yes.’ After receiving the policy (for example, after a restart), devices are no longer able to save.

Allows unmanaged apps to read and access contact information from managed apps, such as the built-in iOS/iPad OS Contacts app. Intune does not change or update this setting while it is set to Not configured (default). The OS may block reading from the built-in Contacts app on smartphones by default.

 

Settings apply to device enrollment, automated device enrollment (supervised)

All purchases should require an iTunes Store password: Each in-app or iTunes purchase requires customers to provide their Apple ID password. Intune does not change or update this setting while set to Not configured (default). By default, the operating system may allow purchases to be made without requiring a password each time.

Allows managed apps, such as the Outlook mobile app, to save or sync contact information to the built-in iOS/iPad OS Contacts app, including business and corporate contacts. Intune does not change or update this setting while set to Not configured (default). Managed apps may be prevented by default from saving or syncing contact information to the built-in iOS/iPad OS Contacts app.

Settings apply to automated device enrollment (supervised)

App shop on the block: Stops supervised devices from accessing the app store. Intune does not change or update this setting while set to Not configured (default). The operating system may grant access by default.

Playback of explicit music, podcasts, and iTunes U is disabled: One can’t listen to explicit music, podcasts, or news on iTunes. Intune does not change or update this setting while set to Not configured (default). The OS may allow the device to view adult-rated content from the store by default.

 

Conclusion

One can enrol their Android Enterprise dedicated devices, fully managed devices, or corporate-owned work profile devices after setting up in Intune. A factory reset is required for Intune registration for dedicated devices, fully managed devices, and corporate-owned devices with a work profile. The operating system determines how one enrols the Android Enterprise devices.

 

Reference links

  1. https://docs.microsoft.com/en-us/mem/intune/enrollment/android-dedicated-devices-fully-managed-enroll
  2. https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-ios

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here