Validate app protection settings on iOS devices

Check that the App protection settings are working on user devices

After you set app configurations for iOS devices to protect apps, you can follow these steps to validate that the settings you chose work.

First, make sure that the policy applies to the app in which you are going to validate it.

  1. In the Microsoft 365 Business admin center, go to Policies > Edit policy.

  2. Choose Application policy for iOS for the settings you created at setup, or another policy you created, and verify that it is enforced for Outlook for example.

    Shows all the apps for which this policy protects files.

Validate Require a PIN to access Office apps

In the Edit policy pane, choose Edit next to Office documents access control, expand Manage how users access Office files on mobile devices, and make sure that Require a PIN or fingerprint to access Office apps is set to On.

Make sure that the Require a PIN or fingerprint to acces Office apps is set to On.
  1. In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business credentials.

  2. You will also be prompted to enter a PIN or use a fingerprint.

    Enter a PIN on your IOS device to access Office apps.

Validate Reset PIN after number of failed attempts

In the Edit policy pane, choose Edit next to Office documents access control, expand Manage how users access Office files on mobile devices, and make sure that Reset PIN after number of failed attempts is set to some number - this is 5 by default.

  1. In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business credentials.

  2. Enter an incorrect PIN as many times as specified by the policy. You will see a prompt that states PIN Attempt Limit Reached to reset the PIN.

    After too many incorrect PIN attempts, you need to reset your PIN.
  3. Press OK. You will be prompted to sign in with the user's Microsoft 365 Business credentials, and then required to set a new PIN.

Validate Force users to save all work files to OneDrive for Business

In the Edit policy pane, choose Edit next to Protection against lost or stolen devices, expand Protect work files when devices are lost or stolen, and make sure that Force users to save all work files to OneDrive for Business is set to On.

Verify that Force users to save all work files to OneDrive for Business is set to On.
  1. In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business credentials, and enter a PIN if requested.

  2. Open an email that contains an attachment, open the attachment and choose Save on the bottom of the screen.

    Tap the Save option after you open an attachment to try to save it.
  3. You should only see an option for OneDrive for Business. If not If not, tap Add Account and select OneDrive for Business from the Add Storage Account screen. Provide the end user’s Microsoft 365 Business to sign in when prompted.

    Tap Save and select OneDrive for Business.

Validate Require user to sign in again if Office apps have been idle for a specified time

In the Edit policy pane, choose Edit next to Office documents access control, expand Manage how users access Office files on mobile devices, and make sure that Require users to sign in again after Office apps have been idle for is set to some number of minutes - this is 30 minutes by default.

  1. In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business credentials, and enter a PIN if requested.

  2. You should now see Outlook’s inbox. Let the iOS device untouched for at least 30 minutes (or some other amount of time, longer than what you specified in the policy). The device will likely dim.

  3. Re-access Outlook on the iOS device.

  4. You will be prompted to enter your PIN before you can access Outlook again.

Validate Protect work files with encryption

In the Edit policy pane, choose Edit next to Protection against lost or stolen devices, expand Protect work files when devices are lost or stolen, and make sure that Protect work files with encryption is set to On, and Force users to save all work files to OneDrive for Business is set to Off.

  1. In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business credentials, and enter a PIN if requested.

  2. Open an email which contains a few image file attachments.

  3. Tap the attachment and then tap the Save option under it.

  4. Open Photos app from the home screen. You should see an encrypted photo (or more, if you saved multiple image file attachments) saved, but encrypted.

Related Topics

Microsoft 365 Business documentation and resources
Get started with Microsoft 365 Business
Manage Microsoft 365 Business

Expand your skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×