Quick tip: Location services required for enhanced jailbreak detection

This week a short blog post about an end-user experience that might be slightly unexpected when using an iOS device. That experience is the “Turn on location services” compliance message in the Company Portal app. That message is caused by the Enhanced jailbreak detection compliance policy setting, as  that setting uses the location services of the iOS device for the enhanced detection, In this post I’ll first show the mentioned end-user experience, as that’s the trigger for this post, followed by the configuration that triggers the experience.

End-user experience

Let’s start this time by looking at the end-user experience. The user will notice that the iOS device is non-complaint and after opening the Company Portal app, the user will get the message “Turn on location services” (as shown below). That message also includes the required steps to eventually enable the location services on the iOS device;

20181003_171841643_iOS

Configuration

Now let’s have a look at the configuration that triggers the mentioned end-user experience. That configuration is not part of an actual compliance policy, but is part of the overall compliance policy settings. The compliance policy settings basically describes the default behavior for compliance policies. The two steps below show how to configure the Enhanced jailbreak detection setting.

1 Open the Azure portal and navigate to Intune > Device compliance > Compliance policy settings to open the Device compliance – Compliance policy settings blade;;
2 On the Device compliance – Compliance policy settings blade, select Enabled with Enhanced jailbreak detection and click Save;
MSI-DeviceCompliancePolicySettings

Note: Keep in mind that enabling this setting impacts the battery usage of iOS devices and causes iOS devices to check-in more frequently with Microsoft Intune.

More information

For more information about compliance policy settings, please refer to the documentation about Get started with device compliance policies in Intune – Ways to deploy device compliance policies.

2 thoughts on “Quick tip: Location services required for enhanced jailbreak detection”

  1. What is difference between iOS compliance policy ‘jailbroken device’ and this ‘enhanced’ jailbroken device, next to the fact it uses location services and checks more frequent for jailbreak?

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.