App Configuration Policies for iOS apps

This week's blog post is again triggered by a feature introduced in ConfigMgr 1602, and again it's a feature that already existed in Microsoft Intune standalone. This post is about App Configuration Policies for iOS apps. These policies can make the life of an end-user a lot easier and are a very welcome addition to Microsoft Intune standalone and Microsoft Intune hybrid.

For now, the biggest challenge might be finding apps that support App Configuration Policies and, maybe even more important, apps that have their settings documented. During the deployment of an app via ConfigMgr, or Microsoft Intune, it's already visible whether an app could support App Configuration Policies. However, a lot of apps have the potential, but not yet the complete implementation.

Introduction

App Configuration Policies in Microsoft Intune hybrid and Microsoft Intune standalone can be used to supply settings that might be required when the end-user runs an app, settings that the end-user would otherwise have to specify manually. Think about settings like a server name, a custom port number, a user name, a password, specific language settings and specific security settings.

If these settings are incorrectly entered by the end-user, this can increase the burden on the service desk, and can also slow the adoption of new apps. App Configuration Policies can help with eliminating these problems by letting the organization deploy these settings to the end-users in a policy before they run the app. The settings are then supplied automatically, and the end-user doesn’t have to perform an action.

These App Configuration Policies are not deployed directly to users and devices. Instead, they are associated with a deployment type during the deployment of the application. The policy settings will be used whenever the app checks for them (typically, the first time it is run).

Configuration

App Configuration Policies are configured per app, because every app supports different settings. In the following configuration examples I’m using the Acronis Access app as an example. During the configuration I will use one specific configuration setting, named enrollmentServerName. For all other supported Acronis Access app configuration settings, please refer to: https://www.acronis.com/en-us/support/documentation/AcronisAccessAdvanced_7.0/index.html#28935.html

Microsoft Intune standalone

The configuration of App Configuration Policies in Microsoft Intune standalone can be achieved by performing the following steps. After the configuration of the App Configuration Policy, it can be used during the deployment of the Acronis Access app.

1 In the Microsoft Intune administration console, navigate to POLICY and click Add...;
2 In the Create a New Policy dialog box, select iOS > Mobile App Configuration Policy and click Create Policy to open the Create Policy page;
3 On the General section of the Create Policy page, specify the following information.

  • Name: [Specify a unique name for the app configuration policy];
  • Description: [Specify details that help identifying the app configuration policy].
4 In the Mobile App Configuration Policy section of the Create Policy page, specify the following information and click Verify;

<dict>
   <key>enrollmentServerName</key>
   <string>[Specify an enrollment server name]</string>
</dict>

5 After verifying the created configuration, click Save Policy.

Microsoft Intune hybrid

The configuration of App Configuration Policies in Microsoft Intune hybrid can be achieved by performing the following steps. After the configuration of the App Configuration Policy, it can be used during the deployment of the Acronis Access app.

1 In the Configuration Manager administration console, navigate to Software Library > Overview > Application Management > App Configuration Policies;
2 On the Home tab, click Create new Application Configuration Policy to open the Create App Configuration Policy Wizard;
3 On the General page, provide the following information and click Next.

  • Name: [Specify a unique name for the app configuration policy];
  • Description: [Specify details that help identifying the app configuration policy].
4 On the iOS Policy page, select Specify name and value pairs (for simple property list files without nesting) and click New to open the Edit Name/Value Pair dialog box.

Note: Select Browse to a property list file (for more complex property list files with nesting) for adding more advanced configurations, or for adding the configuration in an XML format (like with the Microsoft Intune standalone configuration).

5 In the Edit Name/Value Pair dialog box, provide the following information and click Ok to return to the iOS Policy page.

  • Type: String;
  • Name: enrollmentServerName;
  • Value: [Specify an enrollment server name].
6 Back on the iOS Policy page, verify the created configuration and click Next.
7 On the Summary page, click Next.
8 On the Completion page, click Close.
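
The XML fragment used in the standalone steps and the name/value pairs used in the hybrid steps describe the same data. The following Python script is an added example, not part of the original post or of any Microsoft tooling: it checks that a fragment is a well-formed property list, rejects values that still contain the [Specify ...] placeholder, and reports whether the policy is flat enough for the name/value option or needs the property list file option. The function names and the sample server name are assumptions made for illustration.

```python
import plistlib

# Wrapper that turns the bare <dict> fragment into a complete XML plist.
PLIST_HEADER = b'<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0">\n'

# Constructed sample inputs (the server name is a made-up value).
FLAT = """<dict>
   <key>enrollmentServerName</key>
   <string>access.example.com</string>
</dict>"""

NESTED = """<dict>
   <key>server</key>
   <dict>
      <key>enrollmentServerName</key>
      <string>access.example.com</string>
   </dict>
</dict>"""

# plist element names for the scalar Python types plistlib returns.
SCALAR_TYPES = {str: "string", bool: "boolean", int: "integer", float: "real"}


def load_fragment(fragment: str) -> dict:
    """Parse a bare <dict> fragment; raise ValueError if it is not valid."""
    try:
        data = plistlib.loads(PLIST_HEADER + fragment.encode() + b"\n</plist>")
    except Exception as exc:  # plistlib and expat raise several error types
        raise ValueError(f"not a well-formed property list: {exc}") from exc
    if not isinstance(data, dict):
        raise ValueError("top-level element must be <dict>")
    return data


def name_value_pairs(fragment: str):
    """Return (name, type, value) rows, or None when the policy is nested."""
    rows = []
    for name, value in load_fragment(fragment).items():
        kind = SCALAR_TYPES.get(type(value))
        if kind is None:  # dict, array, data or date: not a simple pair
            return None
        if isinstance(value, str) and value.startswith("[Specify"):
            raise ValueError(f"{name}: placeholder was never replaced")
        rows.append((name, kind, value))
    return rows
```

A return value of None means the policy contains nesting and belongs in a property list file rather than in the Edit Name/Value Pair dialog box.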

End-user experience

Now it’s time to look at the end-user experience. This time I will show the first start of the Acronis Access app after installation. The first screenshot shows the default start of the Acronis Access app and the second screenshot shows the start of the Acronis Access app after deploying the app together with the App Configuration Policy. As I don’t really have a server to connect to, it stops at the connection screen, with my custom server URL already configured.

[Screenshots: Before | After]

More information

For more information about iOS with mobile app configuration policies, in Microsoft Intune standalone and Microsoft Intune hybrid, please refer to:

17 thoughts on “App Configuration Policies for iOS apps”

  1. Nice article. Do you know if Microsoft have released App configuration policies for their apps? More specifically Skype for Business and OneDrive. So that we can auto populate the info?

  2. I followed this to the letter and I am not able to get this to work with the iOS Alertus+ App. I am not exactly sure what I am doing wrong but it looks like the baseline for the policy doesn’t deploy correctly

  3. Hi Peter. I see in May this year you mentioned there were no Config Policies for Microsoft apps. Is that still the case?

    I’m running an MDM platform that allows Application Configuration for iOS apps and a customer is after this for the Microsoft Outlook app. Is this possible?

    Thanks

    Simon

  4. Hi Peter,

    “No, to my knowledge the app configuration for the Microsoft apps is not yet available.”

    It is still the same 1 year after? I need it to block copy/paste or generally the clipboard within PowerPoint mobile iOS app.

    Thanks

    Luca

    • Hi Luca,

      You’re asking two different things. There is currently no news about app config for the Microsoft apps (except for the Intune Managed Browser). However, blocking copy-paste is not app config, that’s MAM. MAM is available within Intune in all different shapes (MAM, MAM-WE, MAM CA).

      Regards,
      Peter

  5. Hi Peter,
    Another nice article you got there. Thank you for sharing.

    I’m currently in the process of distributing over 500 iPhones already in the DEP. Everything works fine but we would like to deploy Microsoft Company Portal through VPP and Apple Push so we could have a better management experience.
    But according to your article, there is still no way to configure any Microsoft application with app configuration policies. I would have liked to deploy this app to the users with their username already on the logon page.
    How ironic is it that Microsoft apps aren’t even configurable with their own mechanism on Intune.

    • Hi Jonathan,
      Keep in mind that this post was written more than a year ago. However, that being said, not much has changed. To my knowledge only the Intune Managed Browser has some configuration options. Also, keep in mind that it’s not a limitation to Intune but to the apps.
      Regards, Peter

