Implement File Encryption Required policy in Intune compliant app

Ricardo Mendes 0 Reputation points
2025-06-12T08:13:07.2766667+00:00

Hi,

The Intune documentation states that apps that implement the "File Encryption Required" policy must "use Intune encryption on any files saved to disk".

In order to be compliant, does this apply to strictly all files or just the ones that can contain company data?

A quick look at an app's container will show several system-generated files with web caching, temporary files and other files generated by 3rd-party dependencies. Most of these are out of the app's control. Can these be safely left out of the encryption policy?

Thanks in advance

Microsoft Security | Intune | Microsoft Intune iOS

1 answer

  1. Q&A Assist
    2025-06-12T08:13:07.3733333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    The "File Encryption Required" policy in Intune applies specifically to files that contain corporate data. According to the Intune documentation, only data marked as "corporate" is encrypted according to the IT administrator's app protection policy. This means that files that do not contain company data, such as system-generated files, web caching, and temporary files, may not need to be included in the encryption policy.

    However, it is essential to ensure that any files that could potentially contain sensitive or corporate data are encrypted to comply with the policy. Therefore, while you can leave out certain files that are strictly non-corporate, it is advisable to assess the risk associated with any files that are not under your control.

