First, if you are already are using Adobe Acrobat Reader Intune mobile app, it is a good idea to start removing it from your end users devices and deploy Adobe Reader instead.
Adobe has build the Intune SDK into the “normal” Adobe Reader mobile app.

Adobe will discontinue support for the Adobe Acrobat Reader Intune mobile app on November 30, 2019. All customers must migrate to Adobe Acrobat Reader mobile app, which now supports Microsoft Intune, to continue working in Acrobat on the go.

What does this means for you if you that are starting to managing Adobe Reader on IOS and Android??
Moving forward you don’t need to instruct your users to download a special version of Adobe Reader where the only way the end user can see the difference is a small icon in the top left corner.
Cover art

Note: I may be a good idea to create a uninstall of Adobe Reader for Intune on your managed devices or at least inform your end user that they need to use the “normal” Adobe Reader for IOS/Android

What can Intune do with the Intune app protection on Adobe Reader??

  • Disabling copying
  • Disabling printing
  • Disabling save to untrusted location

How to configure Intune App Protection for Adobe Reader:

If you are already are using Intune App protection it is easy to add Adobe Reader to you Intune Managed apps all you need to do is add Adobe Reader as a target app in your Intune App protection policy.

  1. Select Acrobat Reader

Adobe Intune App Protection - 01

Then you have Acrobat Reader in your app protection container and have protection with the properties that you have configured.

If you also want to block the end user to save into Adobe Cloud you need a extra Intune app configuration policy

  1. Click Client Apps
  2. Click App configuration policies
  3. Click Add

Adobe Intune App Config - AE - 07

  1. Enter a Name – Adobe Reader App configuration
  2. Select Device enrollment type : Managed apps
  3. Click Associated apps
  4. Select Adobe Reader on Andoird and IOS/iPadOS

Adobe Intune App Config - AE - 08

  1. Click Configuration settings
  2. Enter name : allowDocumentCloudFSAndServicesAccess
  3. Enter value : false

Adobe Intune App Config - AE - 09

 

 

 

How about the end user experience??

I will divide this section up into two – one for Android and one for IOS. In my personal opinion the end user experience is way better on Android then IOS. The reason for that is the end user don’t need to take any action on Android – where on IOS the end user need to enroll Adobe Reader for Intune app protection them self.

Android:

For Android it is easy to get the App protection policy applied to Adobe Reader.

Just install Adobe Reader on your Android device, and if you already are using a app with the App protection policy applied to it – Outlook is one example.

  1. You will be prompted “Your organization protects data in this app” Click OK

Screenshot_20191013-214410_Adobe Acrobat

  1. Enter your app passcode

Screenshot_20191013-214421_Adobe Acrobat

In the Adobe Reader app

  1. Click on the icon with the head

20191013_215656

To ensure that the App is under Intune management you can check by:

  1. Click on Preferences

20191013_215640

  1. Look at the enrollment status for Adobe Reader

20191013_214502

When you are opening a .pdf file on you Android device

  1. Try to copy something out to the clip board

20191013_215713

Starts an unmanaged app – in my case the Samsung Note app

  1. Set in the text you copied before and you get this response “Your organization’s data cannot be pasted here”

Screenshot_20191013-215749_Samsung Notes

IOS:

IOS is not as end user friendly as on Android, so it requires some information to your end user. Once that your end user has enrolled Adobe Reader into Intune the experience is the similarity to the one on Android.
First of all Adobe Reader need to be installed on the end users iPhone or iPad, when the app is started for the first time you will be meet by this welcome screen.

  1. Click on the X to continue

Adobe Reader IOS - UX - 01

Then Adobe Reader is working without any Intune integration – you need to enroll the app into Intune.

  1. Click on the icon in the top right corner with the head on it

Adobe Reader IOS - UX - 02

  1. Click Preferences
  2. Click the Enroll bottom

Adobe Reader IOS - UX - 03

  1. You now need to sign in with you corporate account
  2. Click next and enter your password

Adobe Reader IOS - UX - 04

Now Adobe Reader will check for the App protection policy “Checking your organization’s data access requirements for this app

Note: Asking to set Device Passcode only happen if you do not have any passcode on your device

  1. Click OK – setup your device passcode and reopen the app

Adobe Reader IOS - UX - 05

If you already had setup a device passcode, you will only be prompted for:

 

Your IT administrator is now helping you protect work or school data in this app

  1. Click OK

Adobe Reader IOS - UX - 07

Then you have to configure the PIN as stated in your App protection policy

  1. Set a PIN

Adobe Reader IOS - UX - 08

Afterwords if you are using the build-in copy feature

  1. Mark some text and copy

Adobe Reader IOS - UX - 09

Do the past in in the build-in Notes app

  1. You will get “Your organization’s data cannot be posted here” message

Adobe Reader IOS - UX - 10

 

Happy testing

Read more:

End of life | Adobe Acrobat Reader Intune app for iOS and Android
Adobe Reader – Enterprise Mobility Management
Adobe Acrobat chooses Microsoft 365 for built-in app protection