Override biometrics with pin after timeout

  • Do you need a PIN for Intune iOS?

    A PIN is required to use the app.
    Users are prompted to set a PIN the first time they log in with their corporate account.
    Note All Intune-managed apps of the same publisher share the same PIN..

  • How do I reset my Intune app PIN?

    Sign in to the Microsoft Intune admin center.
    Select Devices, and then select All devices.
    Select the device you want to reset the passcode.
    In the device properties, select Reset passcode..

  • What is the offline grace period?

    The offline grace period is the period of time for which a virtualized application is allowed to launch and run on a Windows system without syncing with Workspace ONE Access..

  • What is the timeout in app protection policy?

    Timeout: This is the number of minutes before the access requirements (defined earlier in the policy) are rechecked.
    For example, an admin turns on PIN and Blocks rooted devices in the policy, a user opens an Intune-managed app, must enter a PIN, and must be using the app on a non-rooted device..

  • What is the timeout in app protection policy?

    Timeout: This is the number of minutes before the access requirements (defined earlier in the policy) are rechecked.
    For example, an admin turns on PIN and Blocks rooted devices in the policy, a user opens an Intune-managed app, must enter a PIN, and must be using the app on a non-rooted device.Aug 14, 2023.

  • A PIN is required to use the app.
    Users are prompted to set a PIN the first time they log in with their corporate account.
    Note All Intune-managed apps of the same publisher share the same PIN.
  • App protection policies (APP) are rules that ensure an organization's data remains safe or contained in a managed app.
    A policy can be a rule that is enforced when the user attempts to access or move "corporate" data, or a set of actions that are prohibited or monitored when the user is inside the app.
  • The offline grace period is the period of time for which a virtualized application is allowed to launch and run on a Windows system without syncing with Workspace ONE Access.
If we set "Override Biometric with Pin after Timeout" to "required", the value of "timeout (minutes of inactivity)" should be greater than the 
If we set "Override Biometric with Pin after Timeout" to "required", the value of "timeout (minutes of inactivity)" should be greater than the value specified under "Recheck the access requirements after (minutes of inactivity)". If this timeout value is not met, the biometric prompt will continue to show.

Access requirements

To learn more about how multiple Intune app protection settings configured in the Access section to the same set of apps and users work on iOS/iPadOS, see

Can I use a biometric to access the app?

If allowed, biometrics is used to access the app on Android 10 or higher devices.
To use this setting, select Require and then configure an inactivity timeout.
Specify a time in minutes after which either a passcode or numeric (as configured) PIN will override the use of a biometric.

Data protection

An app protection policy is required with IntuneMAMUPN for managed devices.
This applies for any setting that requires enrolled devices as well.

Data transfer exemptions

There are some exempt apps and platform services that Intune app protection policy may allow data transfer to and from in certain scenarios.
This list is subject to change and reflects the services and apps considered useful for secure productivity.

Does setting override biometric with pin after timeout prompt for FaceID and pin?

Policy pic is attached.
The Setting Override Biometric with Pin after Timeout whether we select require or not require it always prompt for FaceID and PIN after Recheck the ACcess Requirement after (minutes of inactivity) is reached.
Is this the correct behaviour? 0-30 minutes, nothing will be asked. 30-60 minutes will be asked to use FaceID.

How do I require a user to sign in with Class 3 biometrics?

Select Require to require the user to sign in with class 3 biometrics.
For more information on class 3 biometrics, see Biometrics in Google's documentation.
Select Require to override the use of biometrics with PIN when a change in biometrics is detected.

In this article

This article describes the app protection policy settings for iOS/iPadOS devices.
The policy settings that are described can be

Universal Links

Universal links allow the user to directly launch an application associated with the link instead of a protected browser specified by the

What is a timeout in InTune?

Timeout:

  • This is the number of minutes before the access requirements (defined earlier in the policy) are rechecked.
    For example, an admin turns on PIN and Blocks rooted devices in the policy, a user opens an Intune-managed app, must enter a PIN, and must be using the app on a non-rooted device.

    • Categories

    Nationality biometrics overseas
    Uscis biometrics overseas
    Nationality biometrics overseas@homeoffice
    Advantages of biometrics over passwords
    Biometric oversæt
    Biometrics pastillas
    Biometrics in the past
    Biometrics perth
    Biometrics permit
    Biometrics peru il
    Biometrics personal identification in networked society
    Biometrics permission
    Biometrics peru
    Biometric permit number
    Biometric permission android
    Biometric personal safe
    Biometric permit renewal
    Biometric personal data
    Periocular biometrics
    Persona biometrics