By Ele Ocholi | Intune Sr. PM
Updated 9/14/18 with a known issue. Fix is in production, but it's in safe rollout.
Apple will soon release iOS 12. All existing Intune mobile device management (MDM) and App Protection Policies (APP, also known as MAM) scenarios are compatible with this latest version of iOS. Depending on the functionality being used, there may be some impact to users who upgrade to iOS 12. Be cognizant of the following:
- Apple recommends that system administrators review documentation and prepare before updating to iOS 12. Review Apple’s iOS 12 preparedness support document: https://support.apple.com/HT209028.
- The following VPN clients will not work in iOS 12. You will need to change to the new versions of these VPN clients as soon as possible to prevent loss of connectivity:
- Cisco Legacy AnyConnect
- Citrix VPN
- F5 Access Legacy version 2.1 and earlier
- Palo Alto Networks GlobalProtect 4.1 and earlier
Note that network access control (NAC) is not supported on the newer clients at this time. See this post on our support blog for more information.
- As with other major platform updates, check app compatibility with your app providers to confirm your users' apps work with iOS 12. You’ll see a note in What’s new for the app in the Apple store or in app details online. Some apps provide day 0 support; others update over time. Ensure your users' managed apps that are deployed through Intune have been updated to a version that supports iOS 12.
- We continuously update the Intune service. You will begin to see support for new iOS 12 features in Intune as we add them into the service. These will be announced in What’s New.
- The Intune App Wrapping tool for iOS was updated to support iOS 12. iOS 12 requires that previously wrapped apps be re-wrapped with the latest Intune App Wrapping tool version.
- Tell users to update to Intune's latest version of the Company Portal, Managed Browser, and APP-supported apps. An updated version of the Managed Browser has been released to the Apple store. The latest version is required to work with iOS 12.
- If you deployed those apps via Intune, you can push an app update.
- The Intune App SDK was updated and released (8.1.1 and higher) to app owners to ensure that Intune managed apps are compatible with iOS 12. Microsoft app teams are working to update apps for compatibility with both Microsoft Intune and with iOS 12. The table below has the latest information on the apps that are updated in the store. Have your users update to the latest versions of the apps to ensure iOS 12 support.
- With the release of iOS 12, Microsoft Intune will end the support of iOS 9. Managed apps and the Company Portal app for iOS will require iOS 10 and higher to access company resources. Devices that aren't updated to iOS 10 before this September will no longer be able to access the Company Portal or those apps. Already enrolled devices will continue to receive updated policies and apps.
- System Center Configuration Manager will support existing scenarios on iOS 12 for hybrid MDM on ConfigMgr 1806 (current branch version) and ConfigMgr 1802.
Known issue: We're posting this in the Office Message Center regarding a known issue with native mail (this does not affect the Outlook app for iOS). There’s a known issue with iOS 12, EAS, and conditional access policies. Customers whose end users update to iOS 12 immediately on the September 17th expected iOS 12 availability may find that their iOS native mail app is blocked by conditional access even if they meet the criteria to pass the policies. While a fix is in production in Exchange, it is rolling out as part of the safe rollout process, so it’s possible for at most a 48-hour period after iOS releases that conditional access policies will need to be adjusted by the MDM admin to ensure continued email access on iOS devices.
How does this affect me?
Customers who use Intune or MDM for O365 managed native email profile with basic/legacy auth on iOS and have set conditional access policies may be affected. End users may notice their organization’s email access not working after upgrading to iOS 12. This issue does not impact the Outlook app for iOS.
What action do I need to take?
If you receive a report of an end user not able to connect to native email on their iOS device, then you may want exclude them temporarily from conditional access policies to allow email access. Likewise, you may also want to request your end users hold off until September 19th before updating to the latest version of iOS if you use conditional access policies without the Outlook app for iOS.
Below is the current release status of Microsoft apps with the iOS 12 supported SDK.
|Outlook||Released in the store|
|OneDrive||Released in the store|
|OneNote||Released in the store|
|Word, Excel, PowerPoint||Released in the store|
|Teams||Released in the store|
|Managed Browser||Released in the store|
|Skype for Business||Released in the store|
|Power BI||Released in the store|
|Yammer||Released in the store|
|Edge Browser (Preview)||Q4CY18|
If you find additional issues, let us know either through commenting on this blog post or reaching out to our Twitter feed @IntuneSuppTeam. You can read more on the new Intune team blog here: https://aka.ms/intuneblog.