
1 Vote
Tianasalal-5152 asked LuDaiMSFT-0289 edited

Does App Selective Wipe work on non-enrolled iOS and Android devices?

I'm looking for a way to remove corporate data on non-enrolled devices that are using Intune managed apps.

Found documentation, but it doesn't mention if it's only for enrolled devices or Windows (https://docs.microsoft.com/en-us/mem/intune/apps/apps-selective-wipe).

I do see in the notes that the user has to open the application for the wipe to work, but what does Intune consider corporate data (attachments opened from Outlook, documents opened from a trusted source like OneDrive or SharePoint)?

mem-intune-general mem-intune-application-management

1 Vote
Jason-MSFT answered LuDaiMSFT-0289 converted comment to answer

Yes, this is applicable to MAM-only devices (as well as MDM-enrolled devices with MAM/APP policies) as this is an app-specific operation.

It's not really about what Intune considers corporate data; it's what the app itself considers corporate data, and it's up to each managed app to define this. Some apps have multi-persona support (like the Office apps in iOS and DA mode on Android) and so delete all data associated with the corporate persona. For apps on Android Enterprise, there is a corporate instance of the app that gets its data wiped.


Is it the setting in the App Protection Policy or App Configuration Policy to define what is considered corporate data?

1 Vote 1 ·

Is it the setting in the App Protection Policy or App Configuration Policy to define what is considered corporate data?

No. As noted, it's based on the account the user logs into the app with. If it's a corporate account and accesses data from a corporate location, i.e., the login for that location is done with a corporate account, then the data is corporate.

1 Vote 1 ·

When you say from a corporate location, do you mean like from OneDrive or SharePoint, not from accessing a Word attachment in Outlook?

1 Vote 1 ·
1 Vote
LuDaiMSFT-0289 answered LuDaiMSFT-0289 edited

@Tianasalal-5152 My understanding is that we choose apps to be protected in App Protection Policy. When we log in to these apps with an Azure AD account, it is corporate data. When we log in to these apps with a personal account, it is personal data.

Thanks for understanding.

