Share via

Possible to block just Screen Recording but not Screenshots?

Jacob Rathbun 20 Reputation points
2023-12-07T23:35:19.3433333+00:00

Previously, when enabling the blocking of screen capturing for iOS devices, and then setting a group to exclude that. Users in the group to be included could not screen capture or screen record. While users in the exclude group, could screen capture, but not screen record. Recently, after going through settings and modifying some. Users in the exclude group can now also screen record.

First Option

In Microsoft Intune Admin Center > Devices > iOS/iPadOS > Configuration profiles > Create New Policy > templates > device restrictions > general > you get a toggle option for Block screenshots and screen recording [yes or not configured]

Second Option
In Microsoft Intune Admin Center > Devices > iOS/iPadOS > Configuration profiles > Create New Policy > settings catalog > + add settings > restrictions > Allow Screen Shot > set to true [which states disables saving a screenshot of the display and capturing a screen recording]

With this set to yes or true, users in the include list cannot screen record or screen capture, but users in the exclude can screen record and screen capture.
I'm wanting the ability to make users just have one or the other, and not have them tied together. So, a yes option for screen capture, and a no option for screen recording. Is there a way to manually do this?

Microsoft Security | Intune | Security
Microsoft Security | Intune | Microsoft Intune iOS

Answer accepted by question author

Crystal-MSFT 54,311 Reputation points Microsoft External Staff
2023-12-08T01:42:34.2366667+00:00

@Jacob Rathbun, Thanks for posting in Q&A. From your description, I know you want the setting to block just Screen Recording but not Screenshots. But in Intune, we don't find the setting. If there's any misunderstanding, feel free to let us know.

In fact, for the setting in Intune, it is developed based on the APIs which are provided by Apple MDM. Based on my researching, I find there's no such setting provided by Apple MDM. It only has the setting to block both. Therefore, there's no such setting in Intune.

https://support.apple.com/en-sg/guide/deployment/dep0f7dd3d8/web

Note: Non-Microsoft link, just for the reference.

You can feedback to Apple MDM to see if they can add this feature in the future.

Thanks for your understanding.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Was this answer helpful?

2 people found this answer helpful.
0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.