Creating App Protection Policies in Intune
Regardless of which MDM you use, App Protection Policies are an important part of our DLP strategy. We'll show you how to create one.
1. Navigate to the App Protection Policies page.
2. Start by clicking "Create Policy" and choosing your Platform.
3. Set the “Name” and click “Next”
4. Select the Device Types or just leave it at All.
5. Select your Apps to enforce, either singular or multiple. As a best practice, I like to do one policy per application as things often change. Once done, click “Next”
6. Next, you draft your policy. Most of the settings are self-explanatory, and the tooltips help you make good choices. Click "Next" when finished.
7. Next, you set any PIN and credential requirements you have and click “Next” again.
8. Conditional Launch can be a bit tricky. Typically, I suggest avoiding conditions around app version on Android as that could vary based on the device. You can see below potential device conditions that you can use to block access, wipe the application, or just warn users.
9. Set your Scope Tags (these let you set RBAC for the policies so only the right people can manage them).
10. The last section asks you to set assignments. This is by far the most important part. It is EXTREMELY hard to unring the bell when it comes to MAM Policies. You will find quite frequently that when you try to remove them, you are stuck with them forever! Once done, click "Next" and "Create" to finish.
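A pre-assignment review of the choices made in steps 5, 8 and 10, as an added example that is not part of the original walkthrough or any Microsoft tooling. It assumes the policy is available as JSON shaped like the Microsoft Graph managedAppProtection resource (apps, minimumRequiredAppVersion and related keys, assignments with an @odata.type target); the sample policy and the rule that every target must be a named group are constructed for illustration.

```python
# Added example: lint an app protection policy before it is assigned.
# Assumption: field names follow the Microsoft Graph managedAppProtection JSON shape.

APP_VERSION_KEYS = ("minimumRequiredAppVersion", "minimumWarningAppVersion",
                    "minimumWipeAppVersion")
GROUP_TARGETS = {"#microsoft.graph.groupAssignmentTarget",
                 "#microsoft.graph.exclusionGroupAssignmentTarget"}

def review_policy(policy):
    """Return a list of findings for one policy dict; an empty list means clean."""
    findings = []
    apps = policy.get("apps", [])
    if not apps:
        findings.append("no apps targeted")
    elif len(apps) > 1:  # step 5: one policy per application
        findings.append(f"{len(apps)} apps targeted; split into one policy per app")
    if "android" in policy.get("@odata.type", "").lower():
        for key in APP_VERSION_KEYS:  # step 8: avoid app-version conditions on Android
            if policy.get(key):
                findings.append(f"{key}={policy[key]} on Android; app version varies by device")
    assignments = policy.get("assignments", [])
    if not assignments:
        findings.append("no assignments; the policy applies to nobody")
    for item in assignments:  # step 10: assignments are hard to undo, so keep them narrow
        target = item.get("target", {}).get("@odata.type", "<missing>")
        if target not in GROUP_TARGETS:
            findings.append(f"target {target} is not a named group")
    return findings

# Constructed sample: two apps, an Android app-version condition, a tenant-wide target.
SAMPLE_POLICY = {
    "@odata.type": "#microsoft.graph.androidManagedAppProtection",
    "displayName": "MAM - Android - constructed sample",
    "minimumRequiredAppVersion": "4.2",
    "apps": [
        {"mobileAppIdentifier": {"packageId": "com.example.mail"}},
        {"mobileAppIdentifier": {"packageId": "com.example.notes"}},
    ],
    "assignments": [
        {"target": {"@odata.type": "#microsoft.graph.allLicensedUsersAssignmentTarget"}},
    ],
}

if __name__ == "__main__":
    for finding in review_policy(SAMPLE_POLICY):
        print("REVIEW:", finding)
```
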