Microsoft now enforces stricter security within Intune

This week, Microsoft began enforcing stricter security requirements within Intune. Organizations and users who have not updated their mobile work apps in time have been unable to open business emails since January 19. 

According to Neowin, this is a measure that Microsoft has been warning about for some time, but which is only now having visible consequences for end users.

The change revolves around Intune Mobile Application Management. From now on, Microsoft will only allow apps that are built with recent SDK versions or are correctly packaged with the latest Intune wrapper. Apps that do not comply with this will be automatically blocked. This affects not only internal or custom applications, but also commonly used Microsoft apps such as Outlook, Teams, and OneDrive on both Android and iOS, if they have not been updated via the App Store or Play Store.

For Android, the Intune Company Portal plays a key role. If this app has not been updated to a recent version, other managed work apps on the same device may also refuse to start. A single overdue update can therefore paralyze the entire mobile work environment. On iOS, the emphasis is less on the portal and more on the SDK or wrapper used, which mainly affects organizations with their own line of business apps.

Generous transition period

Microsoft itself reports that organizations have been notified of this change via the Microsoft 365 Message Center since September 2025. December 15, 2025 was mentioned as the intended effective date, with the addition that enforcement would follow shortly thereafter. This explains why users are only now actually being blocked. According to Microsoft, this generous transition period was necessary to give administrators and development teams sufficient time to adapt their apps and policies.

In the same communication, Microsoft makes a clear distinction between Android and iOS. Android apps largely follow updates automatically once the Company Portal and at least one Microsoft app have been updated. This is not the case with iOS, where developers must actively switch to new SDK or wrapper versions. This is precisely where the greatest risk of blockages arises when internal apps are not actively maintained.

Microsoft also provides administrators with concrete tools to prevent problems. Conditional Launch policies can be used to enforce minimum SDK versions, app versions, or Company Portal versions. This allows users to be warned or blocked in advance, before they unexpectedly lose access to their work apps.
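One way for an administrator to check whether those Conditional Launch minimums are actually set is to audit an export of the tenant's app protection policies. The script below is an added example, not code from Microsoft or Neowin. The property names are assumed to match the Microsoft Graph app protection policy export, and the policy names, versions, and floors are constructed placeholders.

```python
import json

# Conditional Launch minimums expected per platform, keyed by the policy's
# "@odata.type". Property names are assumed to match the Microsoft Graph
# app protection policy export; check them against your own tenant's data.
EXPECTED = {
    "#microsoft.graph.iosManagedAppProtection":
        ["minimumRequiredSdkVersion", "minimumRequiredAppVersion"],
    "#microsoft.graph.androidManagedAppProtection":
        ["minimumRequiredCompanyPortalVersion", "minimumRequiredAppVersion"],
}
# Constructed placeholder floors, not Microsoft's published minimums.
FLOORS = {"minimumRequiredSdkVersion": "10.0.0",
          "minimumRequiredCompanyPortalVersion": "20.0.0"}

def is_below(version, floor):
    """Compare dotted versions numerically, padding the shorter with zeros."""
    a = [int(p) for p in version.split(".")]
    b = [int(p) for p in floor.split(".")]
    width = max(len(a), len(b))
    return a + [0] * (width - len(a)) < b + [0] * (width - len(b))

def audit(policies):
    """Return (policy name, setting, problem) for each missing or weak minimum."""
    findings = []
    for policy in policies:
        name = policy.get("displayName", "<unnamed>")
        for setting in EXPECTED.get(policy.get("@odata.type"), []):
            value = policy.get(setting)
            if not value:
                findings.append((name, setting, "not set"))
            elif setting in FLOORS:
                try:
                    weak = is_below(value, FLOORS[setting])
                except ValueError:
                    findings.append((name, setting, "unparseable version"))
                    continue
                if weak:
                    findings.append((name, setting, "below floor " + FLOORS[setting]))
    return findings

# Constructed sample export (hypothetical policy names and versions).
SAMPLE = json.loads("""[
 {"@odata.type": "#microsoft.graph.iosManagedAppProtection", "displayName": "iOS LOB apps",
  "minimumRequiredSdkVersion": null, "minimumRequiredAppVersion": "3.2"},
 {"@odata.type": "#microsoft.graph.androidManagedAppProtection", "displayName": "Android baseline",
  "minimumRequiredCompanyPortalVersion": "19.9.5", "minimumRequiredAppVersion": null},
 {"@odata.type": "#microsoft.graph.iosManagedAppProtection", "displayName": "iOS Microsoft apps",
  "minimumRequiredSdkVersion": "10.0", "minimumRequiredAppVersion": "4.0"}
]""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

A policy with no findings has every expected minimum set at or above the floor; policies of other types are skipped.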

The situation shows that mobile working is becoming increasingly linked to strict app and update management. Organizations that fail to organize this adequately run the risk of productivity coming to an abrupt halt, not due to a malfunction, but because of outdated software that is no longer permitted.