This post will outline a comprehensive plan for update iOS apps using Mobile Application Management (MAM) policies before upgrading to iOS/iPadOS 17. The upcoming release of a new iOS/iPadOS 17 OS can bring exciting features, improvements, and challenges, especially regarding app compatibility, and compliance.
As per the latest Intune plan for change, Planning for change and updating your iOS apps using Mobile Application Management (MAM) policies before upgrading to iOS/iPadOS 17 is essential to ensure the smooth transition of your apps and maintain security and compliance.
App protection policies (APP) are rules that ensure corporate data remains safe or contained in a managed app. App protection policies are supported on iOS and Android, where applications meet specific requirements.
Mobile Application Management (MAM) app protection policies allow you to manage and protect your organization’s data within an application. Many productivity apps, such as the Microsoft Office apps, can be managed by Intune MAM.
- Intune Remote Help Available For OOBE Screen During Windows Autopilot Scenario
- Ability To View BitLocker Recovery Key From Intune Company Portal Website Coming Soon
Plan for Change: Update iOS Apps using MAM Policies prior to Upgrading iOS/iPadOS 17
As mentioned in MC671810, Microsoft Intune will report any applications with SDK versions earlier than 17.6.1 on iOS/iPadOS 17 and later as non-compliant with Conditional Access, Expected in September 2023.
Message | Service | Category | Published | Message ID |
---|---|---|---|---|
Update your iOS apps using MAM policies prior to upgrading iOS/iPadOS 17 | Microsoft Intune | Plan for change | 8/30/2023 | MC671810 |
Organizations using the Conditional Access grant “Require App Protection Policy (APP)” must upgrade their iOS apps to the latest version before upgrading to iOS/iPadOS 17 to ensure applications stay secure and maintain access to Conditional Access protected services.
This change ensures that apps are using Intune iOS SDK version 17.6.1 or higher to support the upcoming iOS/iPadOS 17 release.
How this will affect your organization
If you do not use, or do not plan to use mobile application management (MAM/APP), disregard this notice.
If users do not upgrade their apps to the latest version prior to upgrading to iOS 17, the app will fail the “Require App Protection Policy” Conditional Access check, and these apps will be unable to connect services such as Microsoft 365.
User Impact: Users will need to upgrade their app to maintain access to company data. If they do not upgrade their app, they will need to do so to restore access to these services.
What you need to do to Prepare
Communicate this change to your users to ensure they upgrade their apps to the latest version prior to upgrading to iOS 17.
You can review the Intune APP iOS SDK version in use by your end users by using the MAM reports in the Intune Admin Console. Navigate to Apps > Monitor.
In the Monitor > App protection status, then review “Platform version” and “iOS SDK version”. Review applications with iOS SDK version less than 17.6.1.
A warning message appears showing that some data in this report takes longer to process. The column will show a syncing status while the data is being prepared.
Test App Compatibility, Create a testing environment to evaluate how your critical apps and MAM policies perform. Identify any issues and work on resolving them.
Once you are confident that your apps and MAM policies are compatible with iOS/iPadOS 17, schedule the upgrade for your organization.
Note there have been several service change notices to prepare for iOS/iPadOS 17, including MC666161 and MC578235. Please review all of your service change notices to prepare for Apple’s latest service release.
Author
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.