Microsoft Intune Mobile Application Management (MAM) policy changes not working

The following blog describes the solution to a scenario I encountered whereby changes to a Microsoft Intune mobile application management (MAM) policy would not take effect


In preparation for rolling out an MS Intune Mobile Application Management (MAM) policy to Outlook for iOS clients I created a test policy to enable pin protection and applied it to a test user account.  The steps used can be found here

In summary

  1. Create a test user and assign a Microsoft Intune license via
  2. SummaryStep1
  3. Create a user group to apply the app protection policy to, and assign the test user to the group, again via
  4. SummaryStep2
  5. Create an App protection policy via
  6. SummaryStep3
  7. Configure the policy settings (e.g. Require PIN access)
  8. SummaryStep4
  9. Choose Apps to associate with policy (e.g. Outlook)
  10. SummaryStep5
  11. Deploy policy to test group
  12. SummaryStep6

This worked well.  After the policy applied, when I opened Outlook for iOS as the test user I was prompted to enter a pin


Note:  It can take up to 8 hours for a newly deployed app protection policy to be applied.


The problem arose when I removed the test MAM policy (or more specifically, removed the test user from the group “Test – MAM Policy”). I expected that the pin protection settings would no longer apply.  However, the test user continued to be prompted to enter a pin, even after waiting sufficient time for the changes to take effect.


It was the “Common IT administrator issues” section of the Troubleshoot Mobile Application Management guide that pointed me in the right direction.  Specifically, this section which indicated that I may need to force a sync of the Outlook for iOS client for the changes to take effect


I used the following steps to force a sync of the Outlook for iOS client:

  1. From the Outlook app, click on settings
  2. Settings
  3. Select the test Office 365 account and then choose “Reset Account”
  4. ResetAccount

This forced a sync of the Outlook client.  Next time I opened the Outlook app, the pin protection policy had been removed.

Leave a Reply

Your email address will not be published. Required fields are marked *