CAPTOR for Intune has been updated to support biometric (Touch ID/Face ID) authentication. Here is a quick explanation of how to enable this feature.

Prerequisite: The App protection policy applied to CAPTOR for Intune must be set to allow TouchID and/or FaceID instead of a PIN, as shown in this screenshot.

Once the CAPTOR for Intune app protection policy is set to allow biometrics, there are three states the app can exist in:

1) Biometric auth is off, but the app user can turn it on. This is the default state if you do nothing more than enable biometrics in the app protection policy. CAPTOR will treat TouchID/FaceID as disabled, but the user can go to CAPTOR Settings and toggle it on. 

2) Biometric auth is locked on. Edit the CAPTOR for Intune app configuration by adding the key "allowbiometrics" with the value "True".

Once this change has been pushed to the device, the next time the user opens the app they will be prompted with the standard permission request to enable TouchID/FaceID. You can verify this by going to the CAPTOR Settings and look for Enable Biometric Authentication as shown in this screenshot.

3) Biometric auth is locked off. If you add "allowbiometrics" key with the value "False" the app setting will be locked off (the user cannot toggle it) and the app would not request permission to enable TouchID/FaceID. In other words, biometric authentication would be disabled and the user would not be able to turn it on.

If you have any questions on how this feature works or would like assistance enabling it for your users please contact Inkscreen Support.