SDK Does not Propagate Updates to App Configuration Policies to Client

Open bmalumphy opened this issue 2 years ago • 1 comments

Describe the bug: In the admin portal, when making changes to the App Configuration policy via the Apps -> App configuration policies UI, when running...

private var identity: String! {
    return IntuneMAMEnrollmentManager.instance().enrolledAccount()
}

private var appConfig: IntuneMAMAppConfig {
    return IntuneMAMAppConfigManager.instance().appConfig(forIdentity: identity)
}

...those changes never seem to make it down to the client unless the app gets uninstalled and reinstalled. In other words, the values for the keys in this dictionary remain static after the initial call to registerAndEnrollAccount via OneDrive...

IntuneMAMEnrollmentManager.instance().delegate = self
if let user = OneDriveAuth.shared.currentAccount()?.username {
    IntuneMAMEnrollmentManager.instance().registerAndEnrollAccount(user)
}

According to the documentation the changes should automatically propagate down on enrollment. However, we cannot trigger enrollment twice. It is uncertain from the docs how we are expected to re-enroll to pull down the new App Configuration policy.

We tried the following adjustments as well, thinking that perhaps loginAndEnrollAccount was the intended API once registration had been successful prior:

IntuneMAMEnrollmentManager.instance().delegate = self
if let user = OneDriveAuth.shared.currentAccount()?.username {
    if IntuneMAMEnrollmentManager.instance().registeredAccounts().contains(where: {
        $0 as? String == user
    }) {
        IntuneMAMEnrollmentManager.instance().loginAndEnrollAccount(user)
    } else {
        IntuneMAMEnrollmentManager.instance().registerAndEnrollAccount(user)
    }
}

...the corresponding delegate method enrollmentRequest(with status: IntuneMAMEnrollmentStatus) was called but gave the following error:

The operation failed because the application is already enrolled

Since App Config policies get pulled down on enrollment, we aren't sure how to proceed with updating the configuration files given the API docs for the enrollment and app config managers.

If we are expected to unenroll users in some fashion on app termination or on startup to re-request the configuration policy, what are the practices and APIs recommended to do so?

To Reproduce Steps to reproduce the behavior:

  1. Authenticate using the code above.
  2. Make changes to the App Config policy through the Microsoft Endpoint Manager Admin center.
  3. Notice that changes do not propagate to the client (this is easiest to see with breakpoints).

Expected behavior: When registering and enrolling on startup or similarly running loginAndEnrollAccount(identity:) to be able to see the changes to the App Config policy.

Screenshots and logs:

Smartphone (please complete the following information):

  • Device: iPhone 13 Pro Max, iPhone SE (1st Generation)
  • OS: iOS 15.4

Intune App SDK for iOS (please complete the following information):

  • What version of the Intune SDK are you using? Are you using the latest version? 16.0.3 (latest as of 7/15/22)

  • What platform is your app based in (native, Xamarin based, Cordova, etc)? Native

  • For errors during build, does the app build without Intune SDK integration? N/A

  • For errors post build, does the app launch without being Intune SDK integrated? N/A

  • Who is the customer? cannot say

  • Do you see a trend with it only being reproduced on a specific device? No

Additional context: Most other MAM service providers allow for making a request to their APIs looking for updates to the App Configuration policies. If this is present in Intune, this doesn't seem to be easily spotted in the documentation or the SDK itself when inspecting the sources.

bmalumphy, Aug 06 '22 18:08

Update: After further testing, we've noticed that the updates do occur, but are significantly delayed by 15-30 minutes. Is this expected and what's behind the lengthy delay?

bmalumphy, Aug 07 '22 00:08

@bmalumphy Sorry for the long delay. Yes, that is expected. The device will check in with the service every 30 min to check for updates for configuration or protection policy.

gastaffo, Sep 07 '22 15:09