63189: Acronis Cyber Files for iOS: only users with assigned MAM or MDM policy can enroll with Intune managed app

use Google Translate

Applies to: 

Last update: 05-06-2020

From Acronis Cyber Files iOS app version 8.3 on, users with Intune managed app must have assigned policy for Mobile application management (MAM) or Mobile device management (MDM) in order to be able to use the app.

Settings

To allow Intune managed Acronis Cyber Files app to connect to the server, Files Advanced server administrator must enable Allow Intune managed iOS client option in the Default Access Restrictions section or for each Gateway server.
These settings are located in Mobile Access > Policies > Default Access Restrictions (for the default access restrictions) and in Mobile Access > Gateway Servers > Details > Access restrictions (for individual Gateway servers access restrictions).

To force only Intune managed Acronis Cyber Files app to connect to the server, Files Advanced server administrator must enable only the Allow Intune managed iOS client option in the Default Access Restrictions section or for each Gateway server.

To require that users enroll with Intune after logging in to Files Advanced app, Files Advanced server administrator must enable the Trigger Intune Mobile Application Management enrollment option in User Policy > Server Policy or in Group Policy > Server Policy.

User scenarios

When Trigger Intune Mobile Application Management enrollment is enabled, only users with an Intune policy can enroll. It is no longer enough that they have a valid Intune license and could connect to the Intune service.  If there are users who were already enrolled, but don’t have currently a MAM or MDM policy, they will be automatically un-enrolled from Intune.

The following scenarios are possible:

  1. Users with Intune managed app try to enroll, but they don’t have an MAM or MDM policy. In this case, they will be notified that the required Intune policy is missing and will be prompted to contact their administrator.
    Unless they get a correct Intune policy, they will not be able to complete enrollment. 
  2. Users upgrade from an older version to version 8.3, but they don’t have the correct Intune policy.
    In this case, they are shown a message that the required Intune policy is missing, and a prompt to contact their administrator. Also, their app goes in restricted mode. To proceed, the users must reenroll to Intune via the Enroll now prompt or via the Settings menu > Enrollment – the path depends on whether their Files Advanced administrator has allowed only Intune managed apps to connect to the server, or not.
    If the users still don’t have a correct Intune policy, they will not be able to complete enrollment and will not be able to use the app anymore.
  3. Logged-in users are stripped of their Intune policies.
    In this case, after Intune policy sync, the users are shown a message that the required Intune policy is missing, and a prompt to contact their administrator. Also, their app goes in restricted mode. To proceed, the users must reenroll to Intune via the Enroll now prompt or via the Settings menu > Enrollment – the path depends on whether the Files Advanced administrator has allowed only Intune managed apps to connect to the server, or not.  If the users still don’t have a correct Intune policy, they will not be able to complete enrollment and will not be able to use the app anymore.

Note: Syncing of the Intune policies may take up to 12 hours, so there might be a significant lag between a change in the Intune policy and a change in the ability to log in to the Files Advanced app.