30.8 Viewing and Wiping Intune Protected Apps

In the Intune App Protection panel, you can view the devices belonging to a specific user who has logged into the Intune apps installed on the device. The panel displays the user’s devices if the user is logged into at least one Intune app regardless of whether an app protection policy is applied to the app or not. You can also remove app data from the logged-in apps by initiating a wipe. The information displayed in this panel is directly obtained from Azure.

To view the Intune App Protection panel:

  1. In ZENworks Control Center, click the Users section in the left hand panel.

  2. Navigate to the user whose Intune apps you want to view or wipe and click the user to open the Details page.

  3. Click the link to view the list of devices that belong to the user, in the Intune App Protection panel. The user should be directly associated with the user context linked with the Microsoft Graph API configuration. If the user of another user context is only referenced from the associated user context, then the Intune App Protection information will not be populated for the user.

    The information displayed in this panel is obtained from Azure. ZENworks uses the userprincipalname object attribute to map the user in the local user source with that in Azure AD.

To wipe the protected app data, select a device and click Action > Wipe App Data. On clicking Wipe App Data, and on confirming the Wipe action, ZENworks initiates a request with Azure to wipe the app data. Hence, the time taken to wipe the data from the app is dependent on when the app syncs with Azure. On performing wipe, corporate data is removed from all the logged-in apps on that particular device and the user is logged off from the apps.

The Intune App Protection panel displays the following information:

  • Device Name: The name of the device that belongs to the user.

  • Platform: The device platform, that is, iOS, or Android.

  • Operating System Version: The version of the operating system on the device.

  • Logged-in Apps: Displays the number of apps that the user is logged into. The count includes both protected as well as unprotected apps. Protected apps are those on which an app protection policy is applied. Whereas, unprotected apps are those on which an app protection policy is not applied.

    You can also view the status of the wipe action and other information for each logged-in app, by clicking the link appearing against each device in the Logged-in apps column. On clicking the link, the following information is displayed:

    • App Name: Name of the app.

    • Intended Policies: Names of the app protection policies assigned to the app. These include policies that are already enforced and are yet to be enforced on the app.

    • Applied Policies: Names of the app protection policies enforced on the app when it last synced with Azure.

      NOTE:Policies that are created directly in Azure and those configured using ZENworks are displayed in the intended or applied policies section. Policies that are configured in ZENworks are displayed with a link that will redirect you to the policy’s summary page in ZENworks.

    • Status: The status of the app are displayed, which are out of sync, synced, not synced, wipe pending and unprotected.TheUnprotected status indicates that the app is not included in the assigned app protection policy.

    • Last Sync: The date and time that the logged-in app last synced with Azure.