APP - unmanaged Devices
Implement SCA as Mobile Application Management (MAM) App within Microsoft Endpoint Manager. Our App can be downloaded from the App Store directly and installed on any iOS/iPadOS device. The moment a user connects with the AAD-account Access control via Azure AD, Conditional Access enforces our App to require an App Protection Policy for the SCA.
SCA supports the core Intune App Protection Policy settings and is capable of supporting advanced App Protection Policy and App Configuration Policy settings.
- Add Secure Contacts to App Protection Policies for unmanaged Devices
- Configure the setting for Send org data to other apps at least with the restrictive option e.g. Policy managed apps in the Data protection-pane for App Protection Policies.
- Add for the setting “Select apps to exempt” the following Name/Value
This option is needed for SCA to open phone-settings on the iOS/iPadOS device.
Proceed with the other settings according to your best practice for App Protection Policy
For more information about App Protection policies, you can check Microsoft Docs . App protection policies overview - Microsoft Intune | Microsoft Docs