Intune Admins, Action Required: Update Conditional Access Policies

by Armen Gharibian
Practice Leader – Desktop & Applications

Apple will be releasing a new Operating System for iPads starting on September 30^th 2019 called iPadOS.  The release of this new OS, Intune administrators should review existing Conditional Access Policies. According to Microsoft:

This change affects apps that use Conditional Access and that identify as macOS apps instead of iOS apps. In reviewing your Conditional Access policies, you’ll want to focus on whether you provide a different app experience between macOS and iOS. In addition, you’ll want to review Conditional Access policies in Azure AD that use the affected app categories.

The breaking change affects enforcement of your Conditional Access policies on iPad running iPadOS in the following scenarios:

• Web application access using Safari browser
• Apple Native Mail access
• Native application access that uses Safari View Controller

In these cases, Azure AD Conditional Access treats any access request as a macOS access request.

Traditionally, Conditional Access Polices are applied on an OS specific basis (e.g. iOS, MacOS,Windows, Android, etc) and iPads have always fallen under the iOS category.

It’s extremely important to review your existing Conditional Access policies to determine if there are any browser-based Azure Active Directory Conditional Access policies for iOS that control access from iPad devices in your environment.  If this is the case, create an equivalent macOS Azure AD browser access policy to ensure no lapse in Conditional Access coverage.

See the original Microsoft article here.

Read more about iPadOS new features  here.

If you have any questions or need assistance your Conditional Access Policies, please contact us at service@helient.com.