microsoftconnect / ms-intune-app-sdk-ios

Intune App SDK for iOS enables data protection and mobile app management features in iOS mobile apps with Microsoft Intune

Issue implementing the Intune SDK : app can't open files #492

Open AntoineRuf-px opened 1 week ago

AntoineRuf-px commented 1 week ago

We implemented the Intune SDK for iOS into our application, which allows the user to open files with a certain file extension. These file extensions are correctly contained within the various sections of the Info.plist (CFBundleDocumentTypes and UTExportedTypeDeclarations.) The non-Intune version of the app opens files without an issue. The Intune version doesn't even seem to receive the URL request, according to our testing.

A user is enrolled with the company portal, and app protection policies are enabled (the only one we enabled is the PIN). Enclosed you'll find the IntuneMAMDiagnostic dialog (anonymized). It seems there are URL requests for the file here, but it seems to me that the Intune SDK prevents the app from receiving those requests.

Could you help me understand what is going on? We'd like for our users to be able to use Intune with our product.

Device tested is an iPhone 14, iOS 18.1. SDK version is 20.1.2.

Attachment: IntuneMAMDiagnosticFiles.txt

Best regards,

Antoine Ruffion.

jitheshncxe commented 1 week ago

Thanks @AntoineRuf-px for reporting... Let me please go through the log and update you...

jitheshncxe commented 1 week ago

@AntoineRuf-px could you please list the file name/extensions which are blocked after integrating the application with MAM SDK?

AntoineRuf-px commented 1 week ago

Hello @jitheshncxe, the app doesn't seem to be able to open any files after integrating. Most of the files concerned here have proprietary extensions. The two extensions used in the logs I have provided are ".zed" and ".zaf".

jitheshncxe commented 5 days ago

Hi @AntoineRuf-px, checking the MAM logs I see the policies are applied successfully. I am not sure if one of the policies is causing the issue you are seeing, specifically the one OpenDataFromManagedLocations = 23 which indicates data can be accessed only from Photo Library, OneDrive, SharePoint & Camera, whereas the file path I could find in the log is like file:///private/var/mobile/Containers/Data/Application/0936B2A6-2FA8-40B5-B98B-0D1E13C1B54A/tmp/.IntuneMAM/C666C4A9-6B73-423C-9206-FB2665940633/Alice.zaf. So, could you please share some more details I listed below?

  1. Screen recording of the file open procedure (If this is initiated from UI of your application).
  2. What is the file location.
  3. The app code to open files.
  4. The error received from app file open method.

AntoineRuf-px commented 5 days ago

Hello @jitheshncxe,

I have been able to control whether this policy causes the issue, but I don't think it does: from my understanding, the "OpenDataFromManagedLocations" app policy is superseded by the "Receive Data from Other Apps" app policy, which I set to "all apps". Am I wrong in assuming so? Looking at this article: https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-log, it also seems that a setting to add "Local Storage" to the list of acceptable locations to read from exists. However, I don't seem to be able to activate this feature in my Intune console. Is there an issue there, or is that a deprecated parameter?

I would also like to add that even without App Protection Policies active, the behaviour is the same: the app just doesn't seem to receive any request to open a file.

Sadly, due to security constraints, I cannot share code or video relative to the opening of the files. Here are the answers to your questions, to the best of my ability: