If we set "Override Biometric with Pin after Timeout" to "required", the value of "timeout (minutes of inactivity)" should be greater than the
If we set "Override Biometric with Pin after Timeout" to "required", the value of "timeout (minutes of inactivity)" should be greater than the value specified under "Recheck the access requirements after (minutes of inactivity)". If this timeout value is not met, the biometric prompt will continue to show.
Access requirements
To learn more about how multiple Intune app protection settings configured in the Access section to the same set of apps and users work on iOS/iPadOS, see
Can I use a biometric to access the app?
If allowed, biometrics is used to access the app on Android 10 or higher devices.
To use this setting, select Require and then configure an inactivity timeout.
Specify a time in minutes after which either a passcode or numeric (as configured) PIN will override the use of a biometric.
Data protection
An app protection policy is required with IntuneMAMUPN for managed devices.
This applies for any setting that requires enrolled devices as well.
Data transfer exemptions
There are some exempt apps and platform services that Intune app protection policy may allow data transfer to and from in certain scenarios.
This list is subject to change and reflects the services and apps considered useful for secure productivity.
Does setting override biometric with pin after timeout prompt for FaceID and pin?
Policy pic is attached.
The Setting Override Biometric with Pin after Timeout whether we select require or not require it always prompt for FaceID and PIN after Recheck the ACcess Requirement after (minutes of inactivity) is reached.
Is this the correct behaviour? 0-30 minutes, nothing will be asked. 30-60 minutes will be asked to use FaceID.
How do I require a user to sign in with Class 3 biometrics?
Select Require to require the user to sign in with class 3 biometrics.
For more information on class 3 biometrics, see Biometrics in Google's documentation.
Select Require to override the use of biometrics with PIN when a change in biometrics is detected.
In this article
This article describes the app protection policy settings for iOS/iPadOS devices.
The policy settings that are described can be
Universal Links
Universal links allow the user to directly launch an application associated with the link instead of a protected browser specified by the
What is a timeout in InTune?
Timeout:
This is the number of minutes before the access requirements (defined earlier in the policy) are rechecked.
For example, an admin turns on PIN and Blocks rooted devices in the policy, a user opens an Intune-managed app, must enter a PIN, and must be using the app on a non-rooted device.