Microsoft has updated the conditional launch around jailbroken devices in an Intune application protection policy to block access by default. This setting cannot be removed by an administrator anymore.
The only two options available for jailbroken devices are ‘block access’ and ‘wipe data’.
For organizations that had previously removed jailbroken or rooted devices conditional launch setting for whatever reason, this is now enforced in the Intune SDK automatically. If users had been using a jailbroken or rooted device prior to this change, those devices would be blocked now.
An administrator cannot delete this setting anymore, this applies for both for iOS & Android devices.
A good option to be set as default & not removeable!