Hello Everyone, with the launch of Apple Intelligence, users are enjoying a much-improved ease of use that enables smoother interaction with their devices. This technological breakthrough allows people to complete tasks more efficiently, access information swiftly, and experience a more intuitive user interface.
Nonetheless, it's crucial to acknowledge that although these enhancements are advantageous for individual use, specific organizations may need to establish controls and guidelines for using Apple Intelligence on company devices. These measures are necessary due to data security, privacy issues, and adherence to regulatory standards.
Organizations may need to establish policies that define the use of Apple Intelligence to safeguard sensitive information and adhere to company protocols. This strategy enables businesses to harness the advantages of this advanced technology while securing their assets and ensuring a safe work environment.
I have written a blog on Apple Intelligence that details what it is and how it works. If you haven't read it yet, please check it out at https://www.cloudtekspace.com/post/how-does-apple-s-intelligence-enhance-the-functionality-of-apple-devices
Now let's explore how to handle these using Microsoft Intune.
Following the launch of Apple Intelligence, Microsoft announced Zero-day support for managing Apple Intelligence on Apple devices through Microsoft Intune. These features are available in iOS 18.1, and iPadOS 18.1 which can be tailored to meet organizational or business needs to enhance security and productivity. This helps them maintain a balance between productivity and data protection.
Apple Intelligence Features
Genmoji - A feature in Apple Intelligence allows users to design personalized emojis.
Image Playground - A feature that creates unique images from text descriptions,
concepts, and photos.
Writing Tools - A feature that allows users to proofread, reconstruct, summarize text, and compose content from scratch.
Image wand - A feature for creating images from sketches or empty spaces in the Notes app
Math Note Mode - A feature that enables users to obtain the result of a mathematical function in Apple Notes and Calculator.
Personalized Handwriting Results - A feature that generates text in the user's handwriting.
For devices that are supervised (i.e., those enrolled through ADE for iOS/iPadOS ), Intune added new settings related to Apple Intelligence in the Restrictions payload and Math Settings declaration, which necessitate supervision. The configurations supported on iOS/iPadOS starting from version 18.1 are listed below, effective from the specified service release.
Apple Intelligence Feature | Available Actions | Intune Release |
Allow Call Recording | If ‘false’, call recording is disabled. | 2411 |
Allow External Intelligence Integration | If ‘false’, disables the use of external, cloud-based intelligence services with Siri. | 2411 |
Allow External Intelligence Integrations Sign-In | Applying this restriction forces external intelligence providers into anonymous mode. If a user is signed in, they will be signed out on the next request. | 2411 |
Allow Genmoji | If 'false', prohibits the use of image generation. | 2408 |
Allow Image Playground | If 'false', prohibits the use of image generation. | 2408 |
Allow Image Wand | If 'false', prohibit the use of Image Wand. | 2408 |
Allow Mail Summary | If 'false', disable the ability to create summaries of email messages manually. This doesn't affect automatic summary generation. | 2411 |
Allow Personalized Handwriting Results | If false, prevents the system from generating text in the user's handwriting. | 2408 |
Allow Writing Tools | If 'false', disables Apple Intelligence writing tools. | 2408 |
Intelligence (Skip Key) | The key to skip the Intelligence pane in Setup Assistant. | 2409 |
Math Notes Mode | If present, configure the Math Notes mode of the calculator. If not present, math notes mode is enabled. | 2409 |
System Behavior > Math Notes | Controls whether Math Notes is allowed in other apps such as Notes. | 2409 |
You can view your Intune release version under Tenant Administration -> Tenant Status -> Service Release.
Step 1: Log in to the Intune Admin Center at https://intune.microsoft.com, go to Configurations under Manage Device, click on the Create option, and choose New Policy.
Step 2: Choose the platform; here, I have selected iOS/iPadOS. Then, select the settings catalog under profile type and tap on create.
Step 3: Enter a name for the profile and tap Next, then select +add settings to proceed with the configuration.
Step 4: Choose restrictions to enable Allow Personalized Handwriting Results, Allow Genmoji, Allow Image Playground, Allow Image Wand, Allow Writing Tools, Allow Mail Summary, Allow External Intelligence Integrations, Allow External Intelligence Integrations Sign In, and adjust these features according to your needs by enabling and disabling them.
Similarly, for Math Notes Mode and Math Notes, locate these under Declarative Device Management (DDM), and enable or disable the function according to your needs.
Step 5: After selecting these two, tap on 'Next', choose the appropriate scope tags under assignments, and assign them to the group to which the configuration needs to be deployed.
Step 6: Review the settings and tap on Create to finalize the creation of the configuration profile.
Users will be unable to access the AI features on a Supervised device. To view the configuration deployed by Intune, go to VPN & Device Management and choose the management profile. During my test with Playground, the application was blocked according to Image Playground is not allowed policy.
Managing Apple Intelligence on a BYOD Device
For personal or BYOM iOS/iPadOS devices, MDM controls are not available, but Intune MAM controls can be used for both managed and unmanaged devices. On iOS 18.1 and later, Intune will regulate access to new Apple Intelligence features for Intune MAM-protected apps.
Apple Intelligence feature | APP/MAM setting | Available Actions | App SDK Version |
Genmojis | Send Org data to other apps | Allow If set to "All Apps" Block if set to any other value | 19.7.5 and later |
Writing Tools | Send Org data to other apps | Allow If set to "All Apps" Block if set to any other value | 19.7.1 and later |
Summarize notifications | Org data notification | Allow If set to "All Apps" Block if set to any other value |
This configuration is established in the App Protection policy by accessing https://www.intune.microsoft.com, going to App Protection policies, and choosing to create a new policy or modify an existing one to tailor these values to your requirements. Refer to the table above to comprehend the functionality of these settings.
Compatible applications: Microsoft 365 (Office), Microsoft Edge, Microsoft Excel, Microsoft Loop, Microsoft OneDrive, Microsoft OneNote, Microsoft Outlook, Microsoft Planner, Microsoft PowerBI, Microsoft PowerPoint, Microsoft Viva Engage, Microsoft Word and Microsoft TeamsWhen using a BYOD device (iOS/iPadOS), the end user experience involves blocking the transfer of organizational data to other apps, which are set to Policy Managed Apps. If a user attempts to use a writing tool, they encounter an error stating "Action Not Allowed."
Conclusion
Managing Apple Intelligence on iOS/iPadOS with Microsoft Intune allows organizations to balance productivity and data protection. Intune's zero-day support ensures enhanced user interaction and task efficiency while maintaining security and privacy. It provides comprehensive settings for both supervised devices and BYOD, enhancing user experience and safeguarding sensitive information to meet regulatory standards.