{"id":6617,"date":"2026-01-20T03:57:30","date_gmt":"2026-01-20T03:57:30","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=6617"},"modified":"2026-01-20T03:57:30","modified_gmt":"2026-01-20T03:57:30","slug":"this-intune-update-isnt-optional-its-a-kill-switch-for-outdated-apps","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=6617","title":{"rendered":"This Intune update isn\u2019t optional \u2014 it\u2019s a kill switch for outdated apps"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Enterprises using Intune mobile application management (MAM) beware: Your apps won\u2019t run soon if you haven\u2019t planned ahead.<\/p>\n<p>Microsoft is updating its Intune MAM to support new security requirements <a href=\"https:\/\/learn.microsoft.com\/en-us\/intune\/intune-service\/fundamentals\/in-development#update-to-the-latest-intune-company-portal-for-android-intune-app-sdk-for-ios-and-intune-app-wrapper-for-ios\" target=\"_blank\" rel=\"noopener\">starting January 19 or \u201csoon after\u201d<\/a>, requiring that all iOS-wrapped apps, iOS SDK-integrated apps, and the Intune Company Portal for Android be updated to the latest Intune versions to keep them secure and running.<\/p>\n<p>This means that enterprises that haven\u2019t updated to the latest versions will be blocked from launching their apps altogether. And, this may not just include custom apps wrapped in Intune MAM, but other frequently-used ones such as Outlook and Teams.<\/p>\n<p>Simply put, \u201cIf you want your stuff to work, get it updated and pushed,\u201d said <a href=\"https:\/\/www.beauceronsecurity.com\/blog\/tag\/David+Shipley\" target=\"_blank\" rel=\"noopener\">David Shipley<\/a> of Beauceron Security.<\/p>\n<h2 class=\"wp-block-heading\">What\u2019s being updated in iOS, Android<\/h2>\n<p>Microsoft Intune is a core component of the Microsoft Modern Workplace. Its <a href=\"https:\/\/www.computerworld.com\/article\/1700964\/microsoft-intune-explained-unified-endpoint-management.html\" target=\"_blank\" rel=\"noopener\">MAM features<\/a> help enterprises secure their data on both corporate and personal devices. Using it, IT teams can manage corporate apps like Outlook or Teams without having to manage the entire device. This type of unified endpoint management (UEM) supports feature deployments, updates, and retirement of apps, while also protecting corporate data and preventing data leaks, with (ideally) minimal disruption for the user.<\/p>\n<p>With Monday\u2019s hard deadline, Microsoft will enforce <a href=\"https:\/\/learn.microsoft.com\/en-us\/intune\/intune-service\/apps\/app-protection-policy\" target=\"_blank\" rel=\"noopener\">stricter security requirements<\/a> within the UEM \u2014 but only for approved users. Those without the latest app protection supported Microsoft or third-party apps will \u201cbe blocked from launching their apps,\u201d the company warned. Microsoft announced the required updates several months ago in the Microsoft 365 Admin Center.<\/p>\n<p>For Apple users, Monday\u2019s full stop means:<\/p>\n<p>iOS line-of-business (LOB) and custom iOS apps using the Intune App SDK must update to SDK version 20.8.0 or later for apps compiled with Xcode 16, and to 21.1.0 or later for apps compiled with Xcode 26.<\/p>\n<p>Apps using the wrapper must update to the new version of the Intune App Wrapping Tool for iOS: version 20.8.1 or later for apps built with XCode 16; and version 21.1.0 or later for apps built with XCode 26.<\/p>\n<p>It\u2019s a little simpler for Android users: Once one Microsoft app with an updated SDK is on the device and the company portal is updated to version 5.0.6726.0 or later, other Android apps will update.<\/p>\n<p>Tenants with policies targeted to both iOS and Android apps should notify their users that they need to update, and ensure Microsoft apps such as Teams and Outlook are up-to-date, Microsoft advised. Admins can also enable conditional launch settings to block apps using older versions of the SDK or to warn users if they are using older versions of apps.<\/p>\n<p>Admins can also proactively ensure that users are not blocked while doing work on their phones. In the Microsoft Intune admin center, they can navigate to <em>Apps &gt; Monitor &gt; App protection status<\/em> to review the app and SDK versions users are running.<\/p>\n<p>\u201cWe recommend to always update your Android and iOS apps to the latest SDK or app wrapper to ensure that your app continues to run smoothly,\u201d Microsoft emphasized.<\/p>\n<p>Overall, the company advised enterprises to use <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/conditional-access\/policy-all-users-approved-app-or-app-protection#require-approved-client-apps-or-app-protection-policy-with-mobile-devices\" target=\"_blank\" rel=\"noopener\">conditional access policies<\/a> so that only apps with app protection policies enabled can access corporate resources.<\/p>\n<h2 class=\"wp-block-heading\">Supporting new security tools (and why enterprises should have updated yesterday)<\/h2>\n<p>With its new security updates, Microsoft has wrapped controls around existing custom apps that businesses have built, Beauceron\u2019s Shipley explained. These enable features such as requiring a PIN or biometric authentication inside the app, restricting data sharing with other managed apps, and selectively wiping corporate data from apps.<\/p>\n<p>\u201cThis [update] may be because there\u2019s some risk with the older versions not doing what they should\u2019ve been doing for protections,\u201d Shipley noted.<\/p>\n<p>He pointed out that Microsoft has been signaling this update since 2025 and already pushed back implementation from mid-December 2025 to this week. Also, it\u2019s interesting to note that this change may not just impact custom apps wrapped in Intune MAM, but Outlook, Teams, and others applications as well.<\/p>\n<p>\u201cThe long and short of it is, what Redmond wants is what Redmond gets when it finally puts a foot down, like it appears to have in this case,\u201d said Shipley.<\/p>\n<p>This deadline shouldn\u2019t come as a surprise to IT teams who stayed on top of things, noted <a href=\"https:\/\/www.infotech.com\/profiles\/fritz-jean-louis\" target=\"_blank\" rel=\"noopener\">Fritz Jean-Louis<\/a>, principal cybersecurity advisor at Info-Tech Research Group. Microsoft has been deprecating various parts of Intune, and how it connects from an infrastructure perspective, for some time now.<\/p>\n<p>\u201cLike many other things, if you\u2019re not actively managing [with] the right amount of due diligence, you will be impacted by this,\u201d said Jean-Louis, noting that employees dealing with work tasks on their phones (either remotely or on-premises) will experience outages without the updates. \u201cIt\u2019s going to seriously impact users if this has not been adequately addressed.\u201d<\/p>\n<p>From an IT perspective, if they\u2019re not ready for the new versioning, admins should contact Microsoft as soon as possible and determine whether mitigations can be put in place until their team is ready.<\/p>\n<p>If users experience issues, they should contact their official IT service desk, Jean-Louis advised. They should not attempt to self-resolve by, say, going to a random site and blindly entering a user ID and password to receive updates. Threat actors may be lying in wait, using this type of opportunity to deploy malware \u201cfixes.\u201d<\/p>\n<p>\u201cThreat actors are always looking for this sort of major change to take advantage,\u201d he noted.<\/p>\n<p><em>This article originally appeared on <a href=\"https:\/\/www.computerworld.com\/article\/4118887\/this-intune-update-isnt-optional-its-a-kill-switch-for-outdated-apps.html\" target=\"_blank\" rel=\"noopener\">Computerworld<\/a>.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Enterprises using Intune mobile application management (MAM) beware: Your apps won\u2019t run soon if you haven\u2019t planned ahead. Microsoft is updating its Intune MAM to support new security requirements starting January 19 or \u201csoon after\u201d, requiring that all iOS-wrapped apps, iOS SDK-integrated apps, and the Intune Company Portal for Android be updated to the latest [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":6618,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-6617","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6617"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6617"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6617\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/6618"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6617"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6617"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6617"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}