This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 13%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
I'm looking for a way to remove corporate data on non enrolled devices that are using Intune managed apps
Found documentation but doesn't mention if only for enrolled devices or Windows (https://learn.microsoft.com/en-us/mem/intune/apps/apps-selective-wipe)
I do see in the notes that user has to open the application for the wipe to work but what does Intune consider corporate data ( attachments opened from Outlook, documents opened from trusted source like OneDrive or SharePoint)
Yes, this is applicable to MAM-only devices (as well as MDM-enrolled devices with MAM/APP policies) as this is an app specific operation.
It's not really about what Intune considers corporate data, it's what the app itself considers corporate data and it's up to each managed app to define this. Some apps have multi-persona support (like the Office apps in iOS and DA mode on Android) and so delete all data associated with the corporate persona. For apps on Android Enterprise, there is a corporate instance of the app that gets its data wiped.
Is it the setting in the App Protection Policy or App Configuration Policy to define what is consider corporate data?
Is it the setting in the App Protection Policy or App Configuration Policy to define what is consider corporate data?
No. As noted, it's based on the account the user logs into the app with. If it's a corporate account and accesses data from a corporate location, i.e., the login for that location is done with a corporate account, then the data is corporate,
When you say from a corporate location do you mean like from OneDrive or SharePoint not from accessing a word attachment in Outlook?
All of the above assuming they are accessed using a corporate account. As noted, it's all about the account/credentials used to access the data. If a corporate account is required to access the data, then the data is marked as corporate. If no account or a non-corporate account is used to access the data, then the data is not marked as corporate.
@Tiana_salal My understanding is that we choose apps to be protected in App Protection Policy. When we login these apps with Azure AD account, it is corporate data. When we login these apps with personal account, it is personal data.
Thanks for understanding.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.