@EswarKoneti-MVP Thank you very much for your extended support.

I have tested the scenario (Q3 and A3), but when I applied the configuration settings "Allow copy/paste to be affected by managed open-in" appeared as not applicable. I have tried both "Block viewing corporate documents in unmanaged apps" and "Block viewing non-corporate documents in corporate apps" and also with only "Block viewing corporate documents in unmanaged apps". the status for "Allow copy/paste to be affected by managed open-in" is not applicable in both cases.

further, I have deployed outlook from Intune as available application. Please refer the below screenshots,

@EswarKoneti-MVP thank you very much for the reply.

Below is my configurations and my iOS version of testing device is 14.7.1.

Further just to know, below scenarios does it consider as a managed or unmanaged app when deploy the application via Intune as Available. however for this testing I have installed Outlook from the company portal.

Install application via Apple store before joining to the Intune?
Install application via Apple store after joining to the Intune (not from company portal) ?

thanks again

Thank you!

Thank you @NickBrown-5266

@Prasad-MSFT Thank you very much!

@Amandayou-MSFT thank you for your reply, sorry, I use PKI certificate from enterprise CA. Please refer below screenshot.

Please also find dsregcmd /status result and I have already unrolled and enrolled back, then I also tried with different machine and user as well, but same result.

DSREGCMD /STATUS

202950-dsregcmdstatus2.txt

@Crystal-MSFT Thank you!

@EswarKoneti-MVP Thank you very much for the reply. appreciate if you can help with below concerns.

Our ultimate goal is to restrict copy-paste activities between work and personal applications.

• as per understanding, when we enroll the device without App protection policy, we can add multiple accounts right?

  
  

• so when it comes to Android, by default unable to share data between Work and personal profile and this shouldn't be the problem as long as we can add multiple accounts on personal owned work profile enrollment. Is this correct?

  
  

• so when it comes to iOS devices, if we choose BYOD-Device enrollment without app protection policies, again we can add multiple accounts right? in this case our challenge is to block copy-paste activates and I saw a settings "Allow copy/paste to be affected by managed open-in" under iOS device restrictions policy, Can we use this settings to block the copy-paste activities?

Thanks,
Dilan

@Crystal-MSFT

Thank you!

Hi @Amandayou-MSFT

it is working fine now. I think it's matter of waiting time to let policies sync with client. however it could take about 24 hours in my case.

again, thank you very much!

Thank You!

@Leymanm Not Yet for me.

Looks like I am using a free tenant and there is no license for Endpoint DLP. if you have Endpoint DLP license, I believe you need to enable at least one license to see that option for us.

Thanks,
Dilan

Hi All,

Even though I have onboard my device, Still not able to see the device setting on my location when I try to create a DLP policy.

Thanks,
Dilan

Thank you @Reza-Ameri .

I will go ahead and add this policy as well.

by enabling this policy, can we stop completely that communicating updates with Internet automatically and this won't be an any issue to update clients via SCCM right?

Thanks again,
Dilan

Thank you very much @Reza-Ameri