Deploy a General Configuration Policy to iOS devices with Microsoft Intune
When managing mobile devices with Microsoft Intune, the General Configuration Policy for both iOS and Android should not be forgotten. It gives you the option to manage platform-specific settings that are not available in the Common Mobile Device Settings policy. In this post we’ll cover how you can create and deploy a General Configuration Policy for iOS devices, using a made-up scenario in which we want to disable the App Store so that end-users cannot install apps.
A General Configuration Policy gives you the option to manage the following sections on iOS devices:
- Device Capabilities
- Compliant & Non-Compliant apps list for iOS
For a detailed explanation of all the settings that you can control with a General Configuration Policy, I suggest that you take a look at the documentation on TechNet:
What’s a General Configuration Policy
If you want to manage, for instance, passcode requirements including the complexity parameters, allow or disallow the ability to take screenshots on the iOS device, block backups to iCloud or, as we’re going to demonstrate in this post, disable the App Store, you need to create a General Configuration Policy. This policy is different from the Custom Configuration Policy: the General Configuration Policy provides a set of defined settings that you can control, while a Custom Configuration Policy lets you directly configure specific OMA-URI settings.
Before you start disallowing or allowing certain settings in a General Configuration Policy, it’s recommended that you come up with a strategy and have an idea of what you want to accomplish. It’s easy to lock down a device too tightly and prevent end-users from being productive.
There’s not really much to mention here, since Microsoft Intune does a great job of telling you exactly which minimum iOS version each setting requires. In general, you should be running iOS 7.1 or later to take advantage of most of the settings available.
Create a General Configuration Policy
Just like with any other policy in Microsoft Intune, General Configuration Policies can be created from the Policy workspace in the Microsoft Intune administration console. Below we’re going to walk through the creation process of a General Configuration Policy for iOS, and the goal is to prevent end-users from using the App Store. In this scenario, I’ve created an Intune user group called IT-Department that my test user is a member of. The General Configuration Policy that we’ll create will be deployed to this user group. You could also deploy the policy to a group of devices, but on a general note, it’s much faster with user groups and they can be dynamic.
NOTE! If you decide to actually prevent the usage of the App Store in production, be aware that you’ll not be able to deploy deep links or even Managed apps since they will simply not install (I was not able to find any documentation on this, but found this out when testing this functionality in my lab).
1. Log on to manage.microsoft.com with a Global Administrator account.
2. Select the Policy workspace, click on Configuration Policies and then click on Add.
3. Expand iOS, select General Configuration (iOS 7.1 or later) and click on Create Policy.
4. Name your policy, for instance iOS – Disable App Store and give it a description.
5. Scroll down to the Applications section (or click in the left pane) and locate Allow application store (iOS 7.1 or later). Click on the slider to turn on the setting and set the value to No.
6. Click on Save Policy.
7. When prompted about deploying the newly created policy, click Yes.
8. Select your user or device group (in this case I’d be selecting my IT-Department user group), click on Add and then click OK.
You should now have a new General Configuration Policy for iOS named iOS – Disable App Store.
Let’s take a look at the end-user experience before our General Configuration Policy has been applied. As you can see, the App Store is available for the user to access:
Once the General Configuration Policy has been applied, the App Store disappears:
That concludes this post regarding General Configuration Policies for iOS deployed with Microsoft Intune. As you might have noticed, this was just a demonstration of what you can accomplish with a General Configuration Policy.
Principal Consultant and Enterprise Mobility MVP since 2016. Nickolaj has been in the IT industry for the past 10 years specializing in Enterprise Mobility and Security, Windows devices and deployments including automation. Currently working for TrueSec as a Principal Consultant. Awarded as PowerShell Hero in 2015 by the community for his script and tools contributions. Creator of ConfigMgr Prerequisites Tool, ConfigMgr OSD FrontEnd, ConfigMgr WebService to name a few. Frequent speaker at conferences and user groups.