12.4.0

What's New

• Added new PhotoLibrary hooks to manage apps saving photos to unmanaged locations.
• Removed references to UIWebView as Apple is actively rejecting new apps that have the deprecated class references even if it's not using it.

Bug Fixes

• Fixed the issue where TreatAllWebViewsAsUnmanaged wasn't blocking data leak as pasteboard operations happened asynchronously.
• Prevent require accounts enforcement on MDM configurations when the required account app config isn't set.
• Fixed a bug in share extension which would skip PIN screen if it was previously cancelled and then re-opened.
• Fixed a URL encoding bug where documents with "&" in the name wouldn't open in the destination app.
• Fixed issue in Required account enforcement that caused protectAllIncomingUnknownData policy to be enforced when it shouldn't.
• Fixed issue with duplicate version warning prompts being displayed at launch.
• Fixed issue with internal management state not resetting on failed enrollment.
• Fixed issue with partial wipe for a failed enrollment status

12.3.1

What’s New

• Support for Org Account Required for MDM feature. Apps get this for free!

• Added support for cut/copy/paste operations in all webviews to be treated as unmanaged based on the boolean intune setting 'TreatAllWebViewAsUnmanaged' set by the app to prevent data leak to external websites. Use this setting if the app uses webviews in managed context to display web-content that isn’t completely controlled by the app and could allow the user to navigate to external websites.

• Updated pasteboard code to be aware of MD5 hashes as well as SHA256.

• Added com.microsoft.intune.intunemamonly.alwaysApplySaveCopiesOfOrgDataPolicy config to control whether save-as policy is applied when app-to-app sharing is unrestricted.

Bug Fixes

• Flag fix for SSH

• Moved example argument plist, license, and third party notice out of code directory for AppWrapper DMG

• Fixed the issue of multiple IntuneMAMDataProtectionDidChangeNotification being sent.

• Added line break to alert dialogs to stop apple bug that is truncating our alerts.

• Fixed issue where image save was not being blocked when long pressing on images within a WKWebView.

• Fixed issue where PIN screen could get into a bad state if the user quickly taps on text boxes or prompt text while it is displayed.

• Fixed issue where opening a managed web-link would not require Edge to switch to the managed user.

• Fixed issue in wrapped apps where the app-update button would exit the app without opening the company portal app for updating the app.

• Fixed a regression that was causing an early return in import hooks in file-provider extension.

• Fixed issue where UIApplication canOpenURL could be called from Today extensions.

12.2.0

What's New

• Added new data transfer API,isOpenFromAllowed, which requires app participation. See the development guide for more details.
• Added new UI helper API for data transfer, showSharingBlockedMessage, which requires app participation. See development guide for more details.
• Made boot time performance improvements.
• Prompt users for credentials when the app provides a nil UPN value to loginAndEnrollAccount after a previous unenrollment.
• Set content mode on WKWebView passed to ADAL to fix auth issues related to macOS user-agent being used on iPadOS.
• We no longer block when switching from one account in a tenant to another in the same tenant.
• Added support for MSAL version 0.7.0+.
• Return errors from IntuneMAMFileProtectionManager encryptFile / decryptFile methods.

Bug Fixes

• Fixed issue where pin text field would not have focus when pin length requirements changed from <= 6 characters to >= 8.
• Fixed WKWebView issue where anchor onclick not getting called when href='#'.
• Allow single identity apps to set thread and process identity to temporarily disable policy.
• Fixed issue in QuickLookWrapper to support password protected documents.
• Fixed issue where Apple app store review might flag some MSAL API calls as private system API calls if the app does not link against MSAL.
• Fixed WKWebView issue where iframe links would load in main frame.
• Fixed crash when using 'lookup' on selected text.
• Fixed issue where app PIN is sometimes is displayed after app resume when not required when device PIN is set.
• Fixed issue where MAM-CA apps would get stuck on the 'Still trying...' screen if already enrolled when starting MAM-CA check.
• Fixed issue where unmanaged identities were not fetching 3rd party MDM settings
• Fixed issue where SDK was interpreting minutes from service as seconds
• Fixed issue where offline timeout was calculated incorrectly.
• Fixed issue where the SDK was encrypting WPJ state stored in a named pasteboard breaking some Authenticator scenarios.
• Fixed issue where the UIApplicationLaunchOptionsURLKey value was getting stripped out of the launch options dictionary.
• Fixed issue where opening iCloud files from the files app would fail when the file wasn’t downloaded to the device.

12.0.18

New Features

• Added support for blocking keyboard dictation based on app protection policy. Stay tuned to What's New to see when it will go live for admins.
• Added in functionality to use retry timing from the location service.
• Added in functionality to recognize managed web links.
• Added support for multi-window brokered auth with ADAL 2.7.15+ and 4.0.3+.
• Support for Mobile Threat Defense feature that allows IT admins to block access to app if the selected MTD app evaluates a device as non-compliant. Developers must include the list of supported MTD app schemes in their Info.plist file. This can be done using the Configurator Tool. Please see the dev guide for the list of schemes.
• Added support to set secondary foreground and background colors.

Bug Fixes

• Fixed issue in Swift frameworks where apps built with Xcode 11.2 won't compile. Moving forward, developers should be able to update to a newer version of Xcode (more specifically, a newer version of the Swift compiler) without needing to update the Intune SDK.
• Fixed simulator-only crash that can occur when calling openURL on an invalid URL
• Fixed VoiceOver accessibility bug in the Diagnostics Console.
• Fixed race condition in conditional launch timeout calculation.
• Fixed issue where users could not re-authenticate after an offline timeout.
• Fixed issue where the diagnostic console won't dismiss if the application is not managed.
• Fixed crash when resetting the application PIN.
• Fixed issue where the user could continue to use the application when a restart is dialog is displayed by the SDK if the application supported multiple windows.
• Fixed bug where the keyboard may not display for the loginAndEnrollAccount authentication UI.
• Fixed issue where websites using NTLM auth which were normally accessible via a SFSafariViewController were not accessible when managed.

12.0.12

New Features

• This version is required for apps built with Xcode 11. Developers should also make sure to run version 12.0.12 of the IntuneMAMConfigurator against their info.plist, as there have been breaking changes in the info.plist config requirements needed to support Xcode 11.
• This version supports iOS13's Multiple windows. If you are not planning on implementing UISceneDelegate, you can stop reading now, your app will continue to work. If you are using UISceneDelegate we have introduced four new required API's. If you implement UISceneDelegate and do not use the new API's, there will be a data leak. Here are the four API's that have been extended to accept a UIWindow: setUIPolicyIdentity, getUIPolicyIdentityForWindow, policyForWindow and a new method has been added to IntuneMAMPolicyDelegate: identitySwitchRequired. Please go through your code and move your existing use of these APIs to the new form.
• Added support for iOS 13 Dark Mode. If applications do not want the Intune SDK’s default UI color scheme to observe the system dark mode setting, developers should add a boolean entry to the IntuneMAMSettings dictionary with a key name of “SupportsDarkMode”, and set it to ‘NO’.

Bug Fixes

• Fixed issue where the user was not prompted to set a device PIN when required by policy.
• Fixed deadlock in PowerBI.
• Fixed bug where Lookup would not run on correct data for certain WebViews.
• Logging perf improvements. No logging to disk at boot time.
• Added reporting to the service for reasons behind user triggered selective wipes. This will eventually be surfaced in Intune Reporting in future release.

11.2.0

What's New

• Transition from MD5 to SHA256 hashing for log/pasteboard obfuscation. This feature will be enabled via the MAM service after enough apps have adopted version 11.1.4+, to avoid disruption to end users by breaking pasteboard compat between older/newer SDKs.

Bug Fixes

• Fixed Xcode warning about global header not being included in the umbrella header.
• Fixed bug where PIN text color did not match custom foreground color, if set.
• Fixed crash on iOS 13.1 when sharing files via UIDocumentInteractionController.
• Fixed crash on launch when attempting to log an error.
• Fixed issue that prevented importing the Swift framework module for simulator.

11.1.2

What's New

• Added support for ADAL 4.0.
• Added support for MSAL 0.5.0. Please review the Intune SDK for iOS developer guide for more information.
• To make our APIs available in Swift, apps can now simply use a module import statement, rather than an Objective-C bridging header.
• Added a new IntuneMAMSettings class with backgroundColor, foregroundColor, and accentColor properties that can be used to customize the color scheme of the Intune SDK UI components. See the new header: IntuneMAMSettings.h
• Moved some settings-related and diagnostics-related APIs out of IntuneMAMPolicyManager and into the IntuneMAMSettings and IntuneMAMDiagnosticConsole classes. Existing methods/properties have been deprecated and calling them will produce a warning in Xcode. Apps should transition to the new APIs as soon as possible.
• IntuneMAMDiagnosticConsole displayDiagnosticConsoleInDarkMode:(BOOL)isDarkMode is now deprecated. Calling this method will produce a warning in Xcode. Apps should transition to using the custom color settings in the IntuneMAMSettings class mentioned above, and instead call IntuneMAMDiagnosticConsole displayDiagnosticConsole.
• FileProvider: Memory optimization for Intune File Provider library.

Bug Fixes

• Fixed bug where we could incorrectly block a managed user from copying a file from one managed location to another.
• Fixed an issue where we would clear the pasteboard when the ingress policy was set to restrict to managed apps and the paste board policy was unrestricted.
• Fixed a hang on iOS 10 caused by an iOS bug where deallocationg an NSOutputStream from a dispatch_once block never returns.

11.0.13

What's New

• Move from dynamic Swift hook symbol lookup to compile-time solution. This allows 1st party partners to consume our Swift static lib without needing to export our symbols. If you use the Swift framework, you should take this drop, this release fixes a crash in app load in dyld that we started seeing in iOS13 Beta 3.

Bug Fixes

• Fixed issue where managed files could not be transferred from a managed app to a managed share extension.
• Fixed crash in IntuneMAMWalledGardenSwift framework when applications are compiled with XCode 11.
• Update openURL enforcement of admin-specified browser policy to preserve the s when transforming URLs. Assume an admin specified awb as a custom browser scheme for Intune to open all managed URLs into. If an Intune user opens a url with scheme http. Before, Intune would transform https://example.com into awb://example.com. Now Intune will preserve the s. https://contoso.com becomes awbs://contoso.com.

11.0.8

What's New

• iOS13: We are adding a preemptive policy to allow ITPro's to block beta iOS versions by setting an app config policy called 'IntuneMAMMaxOsVersion' and setting it to '13.0' (or 14.0 if AAPL is superstitious). This feature requires no work on your part, just take the new drop.
• Expose API for upcoming Notification Restriction policy. Refer to notificationPolicy in IntuneMAMPolicy.h.

Bug Fixes

• Build: Corrected an error in the build script where we would not copy the resource bundle.
• Build: Fixed a build bug that resulted in the Framework not having simulator architectures.
• iOS13: Fix hang in UIActivityViewController.
• Swift: Fixed issue where we were not copying swiftmodule from simulator into universal fw
• Swift: Fixed issue where we were not setting CFBundleSupportedPlatforms in the Info.plist correctly. Do not build swiftstub with bitcode enabled.
• Swift: We now build a static library version of our 1st party Swift SDK for internal Microsoft partners who require this.
• Intune PIN: Fix error where PIN length changes would result in the keyboard losing focus prematurely.
• Intune PIN: Prevent autocomplete bar from appearing during 4-6 numeric PIN entry.

11.0.3

Bug Fix

• Fix issue with previous build.