MicrosoftWhat about the differentiation between taking a screenshot and sharing the screen via Teams or via airplay? We want to disable screenshots and to enable sharing the screen via Teams or via Airplay. How can this be done, when a protection policy covers all managed apps, mostly Office 365 apps?
MicrosoftGreat question! I was actually testing this feature out, today. Seems like, you're still able to screen share from Teams as normal, however, when screen sharing, managed apps will display a black screen, I tested it in a live Teams meeting and it was showing a black screen since I was in Teams but when I exited out and shared my main screen, it was visible as well as other non-managed apps.
The same behaviour I faced in my tests and that our managers had before in their meeting. It seems that you can only have all or nothing. It makes sense to share a screen with teams or via airplay. But it also makes more sense not to allow taking screenshots and store it in 'photos' app or in another folder locally on the device. Then I can also omit a protection policy and leave everything free. We use our IOS devices as COPE and we want to protect company data, but users should still be able to use it for their daily work in a way that makes sense. So the question, casse1k mentioned earlier, is, why is this not implemented in the protection policy and why is there not differentiation between these functions?
MicrosoftHello there!
Since one function is focused on security and the other on usability, both addressing distinct concerns, app protection policies and app configs enable organizations to apply these controls independently. However, from both an end-user and engineering perspective, I understand what you mentioned and it seems more logical for this specific function/config to be incorporated within app protection instead. There must be a rationale for classifying it under app config rather than integrating it directly into app protection. Now, given that Intune is a continuously evolving product, it's possible that we may see this functionality incorporated into Mobile Application Management (MAM) in the future. This is a relatively new development, and if changes occur, it wouldn't be the first time I see a feature/config migrating between different policy types or configurations.
