top of page

Exceptions to the Intune App Protection Policy (APP) data transfer policy

An exception allows you to specifically choose which unmanaged apps can transfer data to and from managed apps.

A URL identifier is a unique name that each iOS application must have. Using this name an existing application on an iOS device can call upon that app to perform actions, such as open a file.

  • In iOS device you can use URL protocol to exempt unmanaged app from app protection policy

  • Once we have the URL protocol of the unmanaged application then we can open unmanaged application URL from the managed application with any issue.

  • Example :- If we have WebEx meeting invite via URL on Outlook and we have already exempted WebEx application. Now if we click on WebEx link on outlook application then it will open WebEx application.

  • Please note:- We cannot exempt attachment transfer from managed to unmanaged application when Send org data to other apps is set.

  • If you would like to use App protection policy on a third-party application then you need to wrap the application so that application can be MAM aware.(This works for LOB application not for store application)

iOS data transfer exceptions

For a policy targeting iOS/iPadOS, you can configure data transfer exceptions by URL protocol. To add an exception, check the documentation provided by the developer of the app to find information about supported URL protocols. For more information about iOS/iPadOS data transfer exceptions, see iOS/iPadOS app protection policy settings - Data transfer exemptions.

E.g: If we want to open Salesforce and set it in URL exception.

There are a few URL identifiers below that we have found to be useful**

Salesforce - salesforce1

Webex - wbx

Zoom Cloud Meetings - zoomus

Slack - slack

Apple Maps - maps

Google Maps - googlemaps

Docusign – Docusignit

Go To Meeting - gotomeeting

AutoCAD DWG Viewer and Editor - autocad

Waze - waze

Amazon Chime - chime

BlueJeans - bjn

Google Meet - gmeet

RSA token - RSA

**Please validate the identifiers in case of an updates from developer.

bottom of page