App protection policies can apply to apps running on devices that may or may not be managed by Intune. If your organization allows BYOD, this is a must-adopt solution.
App protection policies (APP) are rules that ensure an organization's data remains safe or contained in a managed app. A policy can be a rule that is enforced when the user attempts to access or move "corporate" data or a set of actions that are prohibited or monitored when the user is inside the app. A managed app is an app that has app protection policies applied to it and can be managed by Intune.
Now let's create and assign an app protection policy. We need to assign an Intune licence to the end user before we can assign an app protection policy to that user. Let's do that first: we will go to Azure AD > Users > (specific user) > Licences and assign the Intune licence.
Now let's create an app protection policy. First, we will go to https://endpoint.microsoft.com/ > Apps > Policy and click on app protection policy.
We will create an APP for Windows 10.
Now we will select an app to protect and choose settings according to our requirements.
We will select a user group to assign this policy.
Finally, we will click review and create.
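Because the policy only takes effect for users who hold an Intune licence, it is worth checking the target group before assigning it. The following is an added example, not part of the original post, using the Microsoft Graph PowerShell SDK; `$GroupId` is a placeholder for your group's object ID, and the service plan name `INTUNE_A` is an assumption you should confirm against your tenant's subscribed SKUs.

```powershell
# Added example: list members of the policy's target group that have no
# active Intune service plan, i.e. users the app protection policy would
# be assigned to but could not protect.
# Requires the Microsoft.Graph PowerShell SDK.
param(
    [Parameter(Mandatory)]
    [string]$GroupId,                       # object ID of the assigned group (placeholder)
    [string]$ServicePlanName = 'INTUNE_A'   # assumption: Intune service plan name in your tenant
)

Connect-MgGraph -Scopes 'User.Read.All', 'GroupMember.Read.All'

$report = foreach ($member in Get-MgGroupMember -GroupId $GroupId -All) {
    # Groups can contain devices or nested groups; only users carry licences.
    # Nested groups are not expanded here.
    if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }

    # Collect every copy of the Intune plan across all licences the user holds.
    $plans = @(Get-MgUserLicenseDetail -UserId $member.Id |
        ForEach-Object { $_.ServicePlans } |
        Where-Object { $_.ServicePlanName -eq $ServicePlanName })

    # A plan can be present but disabled or still provisioning.
    $active = @($plans | Where-Object { $_.ProvisioningStatus -eq 'Success' })

    [pscustomobject]@{
        UserPrincipalName = $member.AdditionalProperties['userPrincipalName']
        IntuneLicensed    = $active.Count -gt 0
        PlanStatus        = if ($plans) {
                                ($plans.ProvisioningStatus | Sort-Object -Unique) -join ','
                            } else {
                                'NotAssigned'
                            }
    }
}

# Show only the users who still need a licence before the policy can apply.
$report | Where-Object { -not $_.IntuneLicensed } | Format-Table -AutoSize
```

An empty table means every user in the group has an active Intune plan; a `PlanStatus` of `Disabled` means the licence is assigned but the Intune plan inside it has been switched off.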
Now let's understand App configuration policies for Microsoft Intune.
App configuration policies can help you eliminate app setup problems by letting you assign configuration settings to a policy that is assigned to end users before they run the app. The settings are then supplied automatically when the app is configured on the end user's device, and end users don't need to take action. The configuration settings are unique for each app.
Let's create an app configuration policy for Adobe Acrobat Reader. First, we will go to the Microsoft Endpoint Manager admin centre > Apps > configuration policy > Create app configuration policy.
We will go through the required settings and assign a user group.
Now let's understand app selective wipe requests.
When a device is lost or stolen, or if the employee leaves your company, you want to make sure company app data is removed from the device. But you might not want to remove personal data on the device, especially if the device is an employee-owned device.
To create a wipe request, we will go to Microsoft Endpoint Manager admin centre > Apps > App selective wipe > Create wipe request.
In the next step, we will select the user and their devices.
We can monitor our wipe requests and take action accordingly.
Hope you enjoyed reading this. Please follow me on Twitter for certification-related help. https://twitter.com/stharvid
Top comments (1)
Great post.