By Derrick Isoka | Sr. PM & Andy Cerat | Sr. PM
Updated 9/13 with a comment on modern auth. Updated 9/20 with a known issue with the Apple mail app in iOS 11 and O365. Updated 10/3 with confirmation that 11.0.1 fixes the known client issue. Updated 10/16 with a new known issue.
As announced today, Apple will soon release iOS 11. Through our testing with each beta release, all existing Intune mobile device management (MDM) and Intune App Protection (also known as mobile app management or MAM) scenarios are compatible with this latest version of iOS. Based upon our testing of preview versions, and our experience from past platform updates, please be aware of the following:
- As with other major platform updates, check app compatibility with your app providers to confirm your users' apps work with iOS 11. You’ll see a What’s new for the app note in the Apple store or in app details online. Some apps provide day 0 support; others update over time. Ensure your users' managed apps that are deployed through Intune have been updated to a version that supports iOS 11. The list of Microsoft applications that support the Intune SDK are highlighted at the end of this blog post, below.
- Encourage your users to update to Intune's latest version of the Company Portal, Managed Browser, and MAM-supported apps. An updated version of the Managed Browser was released to the Apple store in late August. The latest version is required to work with iOS 11.
- Fixed! See https://support.apple.com/HT208136 for more information.
Due to an incompatibility in the new release of iOS, users of the built-in Apple Mail app in iOS 11 may be unable to sync their Office 365 mailbox or login to their accounts. iOS 9 or iOS 10 users are not affected. Microsoft and Apple are working on a fix. This was also posted in the Office Message Center as post MC119966 and a support KB article is here: https://support.microsoft.com/help/4043473/you-can-t-send-or-reply-from-outlook-com-office-365-or-exchange-2016-i.
- iOS 11 changes how the "Open in app filtering" functionality works in Intune. Intune MAM-managed apps will encrypt files before transferring data to unmanaged apps.
- The Outlook Groups app will not be updated to support the iOS 11 changes in the Intune SDK. For more information on the roadmap for Outlook Groups please visit this Office blog here.
- When signing in to an Exchange account in the iOS Mail app, end-users will see a sign-in prompt hosted in a web view control similar to the sign-in experience on Office mobile apps. End users will no longer receive a quarantine email. Upon enrollment, users are prompted to allow the Mail app to access a certificate. Admins should ensure that conditional access policies are set for mobile client apps on iOS (i.e. apps that support modern authentication). This is in addition to conditional access for Exchange ActiveSync. If you would like more information on this topic, we communicated this in advance in both the Office Message Center (OMC post #MC117271) and included screen shots for you to use in your end-user guidance in What’s New in the UI.
- With iOS 11, Apple has provided modern authentication (Oauth) to users when manually setting up an Exchange account for the Mail app. However, Exchange Profiles setup via MDM will only continue to work with traditional (basic) and Cert based authentication.
- The Intune App Wrapping tool for iOS was updated to support iOS 11. As we shared already, iOS 11 requires that previously wrapped LOB apps be rewrapped with the latest Intune App Wrapping tool version. We requested that customers with LOB apps on iOS rewrap their apps through a communication in the Office Message Center back in July - OMC post #MC110419.
- The Intune App SDK was updated and released to app owners to ensure that Intune managed apps are compatible with iOS 11. Microsoft app teams are working to update apps for compatibility with both Intune and iOS 11.
- Drag and drop is a new feature in iOS 11. The latest version of the Intune App SDK disables this feature while we design a data containment solution for this new capability.
- We recommend using the Warning or Blocking by App Version policy setting to help ensure your users are using apps with the latest version of the Intune SDK.
- The Files App lets you view, preview, organize, store, and share files from iCloud and other cloud-based providers such as OneDrive for Business. Files App is fully supported for OneDrive for Business with your organization's Intune App Protection Policy controls.
- With the release of iOS 11, Microsoft Intune will end the support of iOS 8. Managed apps and the Company Portal app for iOS will require iOS 9.0 and higher to access company resources. Devices that aren't updated will no longer be able to access the Company Portal or those apps. We communicated about this in both the Office Message Center OMC post #MC 108155 and in What’s New.
- System Center Configuration Manager 1702 and 1706 will support existing scenarios on iOS 11 for hybrid MDM.
- There’s a new reported known issue we’re working with Apple to resolve. If the device management setting for ‘Viewing corporate documents in unmanaged apps’ is set to 'Block', users may be unable to share unmanaged app data such as photos and contacts through the Messages app.
Below is the current release status of Microsoft apps with the iOS 11 supported SDK.
|Word, Excel, PowerPoint||2.4||Released|
|Skype for Business||6.17.2||Released|
|Yammer||TBD||Expecting Mid-Sept Release|
|Dynamics CRM||TBD||Expecting October Release|
If you have any lessons learned or experience "gotchas" with iOS 11 and Intune, let us know. To contact support, head here.