When OneDrive is configured as a managed app by using an Intune MAM policy, users can open the Apple iMessage app, go to OneDrive, and then attach corporate protected files.
To prevent users from attaching deep links, the General Intune iOS configuration policy can be changed. Because the app is using the Open-In feature that is controlled by the operating system, Microsoft Intune cannot change the behavior by using an MAM policy.
You can change the behavior through a Mobile Device Management (MDM) setting by using the General Intune iOS Configuration policy. To do this, change the following settings to No:
- Allow managed documents in other unmanaged apps (iOS 8.0.1 and later)
- Allow unmanaged documents in other managed apps (iOS 8.01 and later)
Note These policy settings block users from attaching the deep link to an iMessage.
OneDrive continues to protect corporate data when it is managed. The recipient is still required to have OneDrive installed and be authenticated by using an account that has access to the document. The attached files are deep links to the document within the app. iMessage is not consuming the document in any way. It is only a medium to transfer a deep link. The Only Managed Apps setting is still obeyed.
Note This applies to all file types that are managed (links that are made to resemble real files). A file shows a thumbnail only if it is originating from an unmanaged or consumer account.
ID do Artigo: 4023611 - Última Revisão: 21/06/2017 - Revisão: 9