Scenario:
We are trying to configure iOS apps assigned to a user group so they are required if they are on a corporate device, but are "available" (optional) for personal devices. I see how to put the user group in required or available, but I don't see how to make it so the app isn't automatically installed if they tie in their personal device. Our goal is to make it so if we provide a device it automatically comes with all the right apps, but if they tie in their own device, they should be able to choose which apps to install.
Solution:
- Create an AAD dynamic group (Intune iOS Corp Devices) that distinguishes devices by either Device Category or Device Ownership, and set it up so that only corporate-owned devices become members of this group (you can create device categories under Intune --> Devices --> Others Device Categories)
  Create Device Category:
  - Open Microsoft Endpoint Manager Portal (https://endpoint.microsoft.com/)
  - Click on Devices --> Scroll to the bottom in the center panel --> Select Device Categories
  - Click on Create device category to add
  - Fill in the details for the category
  - Add Scope Tags
  - Click on Create to finish
- Create an app-based AAD user security group as needed (pro-tip: you can automate group maintenance by making this a dynamic user group)
- Create an iOS app policy: add the "Intune iOS Corp Devices" group under "Required", and add "Intune iOS App-based Users" under "Available for enrolled devices"

As a result, corporate iOS devices reach users with their required apps already installed. If a user enrolls their own device into the environment, the apps are available for install on that device but are not installed automatically.
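
The dynamic device group from the first step can also be created with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original article; the group name comes from the article, while the mail nickname, description and the category name "Corporate iOS" are assumed placeholders.

```powershell
# Added example. Assumes the Microsoft.Graph.Groups module is installed and the
# signed-in account is allowed to create groups.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# iOS/iPadOS devices only, so Android or Windows devices never match the rule.
$iosOnly = '((device.deviceOSType -eq "iPhone") -or (device.deviceOSType -eq "iPad"))'

# Option A: match on ownership. Ownership is set by the enrollment method or by
# an administrator, not chosen by the person enrolling the device.
$ownershipRule = '(device.deviceOwnership -eq "Company") -and ' + $iosOnly

# Option B: match on device category. "Corporate iOS" is a placeholder category
# name. Users can be prompted to pick a category during enrollment, so review
# category assignments if the group is built on this rule.
$categoryRule = '(device.deviceCategory -eq "Corporate iOS") -and ' + $iosOnly

$params = @{
    DisplayName                   = 'Intune iOS Corp Devices'
    Description                   = 'Corporate-owned iOS/iPadOS devices (required apps)'  # assumed text
    MailEnabled                   = $false
    MailNickname                  = 'IntuneiOSCorpDevices'                                # assumed value
    SecurityEnabled               = $true
    GroupTypes                    = @('DynamicMembership')
    MembershipRule                = $ownershipRule    # or $categoryRule
    MembershipRuleProcessingState = 'On'
}
$group = New-MgGroup @params

# Confirm the rule that was stored and that processing is switched on.
Get-MgGroup -GroupId $group.Id -Property 'displayName,membershipRule,membershipRuleProcessingState' |
    Format-List DisplayName, MembershipRule, MembershipRuleProcessingState

# After the rule has been evaluated, list the members and check that no
# personally owned device is in the group before using it for "Required" apps.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties['displayName'] }
```

Membership evaluation is not immediate, so the member list may be empty right after the group is created.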