iOS line-of-business (LOB) and custom iOS apps using the Intune App SDK must update to SDK version 20.8.0 or later for apps compiled with Xcode 16, and to 21.1.0 or later for apps compiled with Xcode 26.Apps using the wrapper must update to the new version of the Intune App Wrapping Tool for iOS: version 20.8.1 or later for apps built with XCode 16; and version 21.1.0 or later for apps built with XCode 26.It’s a little simpler for Android users: Once one Microsoft app with an updated SDK is on the device and the company portal is updated to version 5.0.6726.0 or later, other Android apps will update.Tenants with policies targeted to both iOS and Android apps should notify their users that they need to update, and ensure Microsoft apps such as Teams and Outlook are up-to-date, Microsoft advised. Admins can also enable conditional launch settings to block apps using older versions of the SDK or to warn users if they are using older versions of apps.Admins can also proactively ensure that users are not blocked while doing work on their phones. In the Microsoft Intune admin center, they can navigate to Apps > Monitor > App protection status to review the app and SDK versions users are running.”We recommend to always update your Android and iOS apps to the latest SDK or app wrapper to ensure that your app continues to run smoothly,” Microsoft emphasized.Overall, the company advised enterprises to use conditional access policies so that only apps with app protection policies enabled can access corporate resources.
Supporting new security tools (and why enterprises should have updated yesterday): With its new security updates, Microsoft has wrapped controls around existing custom apps that businesses have built, Beauceron’s Shipley explained. These enable features such as requiring a PIN or biometric authentication inside the app, restricting data sharing with other managed apps, and selectively wiping corporate data from apps.”This [update] may be because there’s some risk with the older versions not doing what they should’ve been doing for protections,” Shipley noted.He pointed out that Microsoft has been signaling this update since 2025 and already pushed back implementation from mid-December 2025 to this week. Also, it’s interesting to note that this change may not just impact custom apps wrapped in Intune MAM, but Outlook, Teams, and others applications as well.”The long and short of it is, what Redmond wants is what Redmond gets when it finally puts a foot down, like it appears to have in this case,” said Shipley.This deadline shouldn’t come as a surprise to IT teams who stayed on top of things, noted Fritz Jean-Louis, principal cybersecurity advisor at Info-Tech Research Group. Microsoft has been deprecating various parts of Intune, and how it connects from an infrastructure perspective, for some time now.”Like many other things, if you’re not actively managing [with] the right amount of due diligence, you will be impacted by this,” said Jean-Louis, noting that employees dealing with work tasks on their phones (either remotely or on-premises) will experience outages without the updates. “It’s going to seriously impact users if this has not been adequately addressed.”From an IT perspective, if they’re not ready for the new versioning, admins should contact Microsoft as soon as possible and determine whether mitigations can be put in place until their team is ready.If users experience issues, they should contact their official IT service desk, Jean-Louis advised. They should not attempt to self-resolve by, say, going to a random site and blindly entering a user ID and password to receive updates. Threat actors may be lying in wait, using this type of opportunity to deploy malware “fixes.””Threat actors are always looking for this sort of major change to take advantage,” he noted.This article originally appeared on Computerworld.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4118902/this-intune-update-isnt-optional-its-a-kill-switch-for-outdated-apps-2.html
