MAM "Encrypt Org Data" requires Device PIN on unmanaged device for custom apps
In the BYOD scenario, when we require "Encrypt Org Data" as per https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-ios#encryption in the app protection policy, we see a different experience for iOS Store Apps versus custom LOB apps which have been wrapped with the Intune Wrapper.
For iOS store apps, an App PIN is sufficient to satisfy the "Encrypt Org Data" requirement. This is the desired user experience as the controls are only applied to the application.
However, for custom LOB apps, Intune also prompts the user to set up a Device PIN to satisfy the "Encrypt Org Data" requirement. This is not the desired user experience, as we are now enforcing Device-level controls on their BYOD device.
Can this be changed so that a Device PIN is not required for the BYOD experience?