Key Takeaways
- This policy improves security for supervised iOS devices using Intune.
- It prevents devices from pairing with unknown or personal computers.
- Company data stays protected from unauthorized access.
- Users cannot change this setting on supervised devices.
- IT teams get better control over device connections and data safety.
Hey, let’s discuss about How to Restrict Host Pairing for Better iOS Device Security using Intune. This policy controls how an iOS device connects to computers using a USB cable. Normally, when you connect an iPhone or iPad to a computer, the device can trust that computer and allow data access. This policy helps control that behavior to improve security.
When this policy is enabled, the iOS device can only pair with the computer that was used during device supervision. Any other computer will not be trusted automatically. This helps prevent unauthorized computers from accessing the device.
This policy is mainly useful for supervised devices that are owned by an organization. It ensures that employees or users cannot connect the device to personal or unknown computers. This reduces the risk of data theft or misuse.
Using Intune,administrators can easily apply this policy to managed iOS devices. Once applied, the setting works silently in the background without user action. Users will still be able to charge their devices, but data access will be restricted.
Table of Contents
Restrict Host Pairing for Better iOS Device Security using Intune
Overall, this policy improves device security and protects company data. It gives IT teams better control over how devices are used and connected. This makes it an important setting for organizations managing iOS devices using Intune.
- How to Use Windows Device Portal in Windows 11
- How to Deploy Granular USB Lockdown with Defender Device Control in Intune
- Block Untrusted and Unsigned Processes that Run from USB using Attack Surface Reduction Rules in Intune
How this Helps Supervised Devices
This policy helps supervised devices by blocking them from pairing with unknown or personal computers, allowing access only from the supervision host. This protects company data, reduces security risks like data theft or malware, and ensures users cannot change the setting. As a result, supervised iOS devices stay secure and fully controlled by IT using Intune.
Create a Profile
First sign in to the Microsoft Intune admin center. Go to Devices and select Configuration profiles. Then click Create profile to open the profile creation window. Select platform and profile type then, click Create to begin configuring your new policy.
| Steps | Details |
|---|---|
| Platform | iOS/iPadOS |
| Profile Type | Settings Catalog |
First Step
To begin configuring a policy in intune, start with the Basics step. Here, we can add the name(Allow Host Pairing) of the policy and give a brief description(To allow Host Pairing). Then click Next to continue.
Configuration Settings
In the Configuration settings tab, click the Add settings button to open the Settings picker. Search the category Restrictions or type Host Pairing. Then, select the the setting Allow Host Pairing.
Once you have selected and closed the Settings picker. You will see it on the Configuration page. Here we have only two settings: True or False. By default, this will be set to True. If you want to allow these settings, click on the Next button.
Block Host Pairing
If we blocked or false this policy, you can block the Host Pairing policy by toggling the switch. Then you can click the Next button to proceed.
Scope Tag
In Intune, Scope Tags are used to control who can view and modify a policy. The scope tag is not mandatory, so you can skip this section. It functions as a tool for organisation and access management, but assigning it is optional. Click Next to continue.
Assignments
In the Assignments tab, you choose the users or devices that will receive the policy by clicking Add Group under Include Group, select the group that you want to target (e.g HTMD Supervised Devices – iOS/iPadOs) and then click Next to continue.
Final Step
At the final Review + Create step, we see a summary of all configured settings for the new profile; after reviewing the details and making any necessary changes by clicking Previous. We click Create to finish, and a notification confirms that the “Allow Host Pairing created successfully”.
Monitoring Status
When the policy is created successfully, you can sync the device on the Company portal for faster deployment. After syncing is completed, you can check the status on the Intune Portal. Go to Devices > Configuration and search for the policy.
How to Check on End Used Device
On the end-user device, there is no on/off button to see this policy. It is controlled by Intune in the background. To check it, connect the iPhone or iPad to a computer using a USB cable. If the policy is working, the device will not ask Trust This Computer and the computer will not be able to access data. You can also open Settings > General > VPN & Device Management to see that the device is managed and supervised, which means the policy is applied.
How to Remove Assigned Groups from this Policy
After creating the policy, if you want to remove the specific group that you previously selected, you can easily do that. First, go to Devices > Configuration policies. In the Configuration policy section, search and select the policy. In the Assignment section, you will find an Edit option and click on it. Then, click the Remove option.
For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
How to Delete this Policy from Intune
If you want to delete this policy for any reason, you can easily do so. First, search for the policy name in the configuration section. When you find the policy name, you will see a 3-dot menu next to it. Click on the 3 dots, then click the Delete button.
For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc