Creating App Protection Policies in Intune

You are here:
< All Topics

Regardless of what MDM that you use. App Protection Policies are an important part of our DLP strategy. We’ll show you how to create one.

  1. Navigate to the App Protections Policies Page
  2. Start by clicking “Create Policy” and choosing your Platform.
Creating App Protection Policies

3. Set the “Name” and click “Next”

Naming your App Protection Policy

4. Select the Device Types or just leave it at All.

Selecting your Device Type Scope for App Protection Policies

5. Select your Apps to enforce, either singular or multiple. As a best practice, I like to do one policy per application as things often change. Once done, click “Next”

Selecting your Apps for App Protection Policies

6. Next, you draft your policy. Most of the settings are self explanatory and allow you to leverage tool tips to make good choices. Click “Next” when finished.

Creating your App Protection Policy

7. Next, you set any PIN and credential requirements you have and click “Next” again.

Creating your App Protection Policy Access Requirements

8. Conditional Launch can be a bit tricky. Typically, I suggest avoiding conditions around app version on Android as that could vary based on the device. You can see below potential device conditions that you can use to block access, wipe the application, or just warn users.

Setting your Conditional Launch for App Protection Policies

9. Set your Scope Tags (these let you set RBAC for the policies so only the right people can manage them).

Setting Scope Tags for App Protection Policies

10. The last section asks you to set assignments. This is by far the most important part. It is EXTREMELY hard to unring the bell when it comes to MAM Policies. You will find quite frequently when you try to remove them you are stuck with them forever! Once done, click “Next” and “Create” to finish

Assigning your App Protection Policies

Helpful Links

Microsoft’s App Protection Documentation

Table of Contents
Scroll to Top