Is there a way to not require an app pin for iOS devices that already have a device lock pin on them, but for UN-MANAGED/UN-ENROLLED devices?

Madison544 20 Reputation points
2024-10-02T17:51:52.5466667+00:00

If I am in the wrong sub, please let me know where else I should post - any help is appreciated!

We recently created an app protection policy to secure Outlook and Teams for users that wish to access those apps on their personal devices without fully enrolling their devices into our management. I do see that we can set access requirements to require app pin for access to the app, and we can then select to not require app pin when device pin is set. However, I am seeing that this only works for MDM enrolled devices as there is a note next to the setting that says this. Therefore, any iOS device that is MAM-WE and not in Intune, but has a phone lock passcode, is still prompted for an app pin.

My question is - Are there any other settings or policies we can set so that even unmanaged iOS devices don't need to put an app pin in if they have a device lock?

** Under conditional launch/device conditions for Android devices, we can set it to require device lock, so why can we not set the iOS policy to check an iOS device for a device lock passcode before booting as well? **

Microsoft Intune iOS
Microsoft Intune Application management
Microsoft Intune

1 answer

  1. Xenia-MSFT 2,180 Reputation points Microsoft Vendor
    2024-10-03T03:06:02.2033333+00:00

    @Madison544 Thanks for posting in our Q&A.

    It is by design. Based on my understanding, iOS and Android are the same. The Android article also says: "Select Not required to disable the app PIN when a device lock is detected on an enrolled device with Company Portal configured."


    https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-android#access-requirements

    From your description, did you mean that you don't need to enter a PIN to access the protected app when this Android device is not enrolled and it has a device lock PIN?

    If there is any update, feel free to let us know.


