I have written many posts regarding Microsoft Mobile Management solution, Intune. Intune has this great feature called App Protection policy, which lets you control and protect data transfers between device apps. From my previous post of Intune Manage Apps | Managing non-Microsoft Applications, we have discussed how to add none Microsoft app to an app protection list and add protection policies, but what if you don’t have an app that supports Intune protection policies? To address this, Microsoft recently came up with creating exceptions when implementing app protection policy. From this post, I’m going to explain how to configure exception apps for Android and iOS devices.
Intune SDK supported apps are available as store apps in Google Play Store and Apple Store. But its limited. Recently I tried hard to find an image viewer app that supports Intune Protection, but couldn’t. When you have implemented app protection policies with manage apps, data can be transferred only within managed apps, so if you don’t have a managed app to open image files, those files can’t be opened, in example you get an image file attachment from Outlook app which is a managed app, you can only open this attachment when you have a managed app to open image files.
In cases like this you can create exceptions to allow data to flow out of managed apps so you can view and open those files, but remember this data will not be protected from polices, those can be saved copied or forwarded to other parties. So when you add exceptions, be sure to only to add if its unavoidable situation. Lets see how to add exception for image viewing
com.google.android.apps.photos
Log in to the Azure Portal and Intune console
Click Mobile Apps and App Protection Policies
Here I’m editing a policy already created. If you want, you can create a new policy
Click policy settings
In Select apps to exempt click Select
In Exempt Apps type the name and in value column type the package ID of the app.
Click OK and Save
It will take few hours to kick in the policy, now photos from managed apps can be viewed from default android photo app, there will not be any protection to image file types.
Hope this post is useful.
Thanks