First, if you are already are using Adobe Acrobat Reader Intune mobile app, it is a good idea to start removing it from your end users devices and deploy Adobe Reader instead.
Adobe has build the Intune SDK into the “normal” Adobe Reader mobile app.
Adobe will discontinue support for the Adobe Acrobat Reader Intune mobile app on November 30, 2019. All customers must migrate to Adobe Acrobat Reader mobile app, which now supports Microsoft Intune, to continue working in Acrobat on the go.
What does this means for you if you that are starting to managing Adobe Reader on IOS and Android??
Moving forward you don’t need to instruct your users to download a special version of Adobe Reader where the only way the end user can see the difference is a small icon in the top left corner.
Note: I may be a good idea to create a uninstall of Adobe Reader for Intune on your managed devices or at least inform your end user that they need to use the “normal” Adobe Reader for IOS/Android
What can Intune do with the Intune app protection on Adobe Reader??
- Disabling copying
- Disabling printing
- Disabling save to untrusted location
How to configure Intune App Protection for Adobe Reader:
If you are already are using Intune App protection it is easy to add Adobe Reader to you Intune Managed apps all you need to do is add Adobe Reader as a target app in your Intune App protection policy.
- Select Acrobat Reader
Then you have Acrobat Reader in your app protection container and have protection with the properties that you have configured.
If you also want to block the end user to save into Adobe Cloud you need a extra Intune app configuration policy
- Click Client Apps
- Click App configuration policies
- Click Add
- Enter a Name – Adobe Reader App configuration
- Select Device enrollment type : Managed apps
- Click Associated apps
- Select Adobe Reader on Andoird and IOS/iPadOS
- Click Configuration settings
- Enter name : allowDocumentCloudFSAndServicesAccess
- Enter value : false
How about the end user experience??
I will divide this section up into two – one for Android and one for IOS. In my personal opinion the end user experience is way better on Android then IOS. The reason for that is the end user don’t need to take any action on Android – where on IOS the end user need to enroll Adobe Reader for Intune app protection them self.
For Android it is easy to get the App protection policy applied to Adobe Reader.
Just install Adobe Reader on your Android device, and if you already are using a app with the App protection policy applied to it – Outlook is one example.
- You will be prompted “Your organization protects data in this app” Click OK
- Enter your app passcode
In the Adobe Reader app
- Click on the icon with the head
To ensure that the App is under Intune management you can check by:
- Click on Preferences
- Look at the enrollment status for Adobe Reader
When you are opening a .pdf file on you Android device
- Try to copy something out to the clip board
Starts an unmanaged app – in my case the Samsung Note app
- Set in the text you copied before and you get this response “Your organization’s data cannot be pasted here”
IOS is not as end user friendly as on Android, so it requires some information to your end user. Once that your end user has enrolled Adobe Reader into Intune the experience is the similarity to the one on Android.
First of all Adobe Reader need to be installed on the end users iPhone or iPad, when the app is started for the first time you will be meet by this welcome screen.
- Click on the X to continue
Then Adobe Reader is working without any Intune integration – you need to enroll the app into Intune.
- Click on the icon in the top right corner with the head on it
- Click Preferences
- Click the Enroll bottom
- You now need to sign in with you corporate account
- Click next and enter your password
Now Adobe Reader will check for the App protection policy “Checking your organization’s data access requirements for this app
Note: Asking to set Device Passcode only happen if you do not have any passcode on your device
- Click OK – setup your device passcode and reopen the app
If you already had setup a device passcode, you will only be prompted for:
Your IT administrator is now helping you protect work or school data in this app
- Click OK
Then you have to configure the PIN as stated in your App protection policy
- Set a PIN
Afterwords if you are using the build-in copy feature
- Mark some text and copy
Do the past in in the build-in Notes app
- You will get “Your organization’s data cannot be posted here” message