Uploaded by

kaya018952

App Protection Policies

App protection policies are used to protect managed apps. Apps need to include the Intune App SDK
in order to be managed by app protection policies.

| Management Type | OS | Policy Name | Assignment |
| --- | --- | --- | --- |
| Apps on Android Work Profile | Android | Android_Managed_APP | ZZ-AS-M365-E3 |
| Apps on Intune managed devices | iOS | iOS_Managed_APP | ZZ-AS-M365-E3 |
| Apps on unmanaged devices | Android | Android_Unmanaged_APP | ZZ-AS-M365-E3 |
| Apps on unmanaged devices | iOS | iOS_Unmanaged_APP | ZZ-AS-M365-E3 |

A list of the apps officially supported by Microsoft is available here

An overview of the existing app protection policies can be found here

Sika uses 4 different app protection policies. The split is needed so that users on managed devices
can download files while the same action is prevented on unmanaged devices.

1.1.1. Android_Managed_APP
This policy is meant for managed Android devices.

| Name | Value |
| --- | --- |
| Description | GLOSET0098 |
| Platform | Android |
| Target to apps on all device types | No |
| Device types | Android Enterprise |
| Public apps | Adobe Acrobat Reader, Microsoft Edge, Microsoft Bookings, Power Automate, Azure Information Protection, Microsoft Launcher, Microsoft Kaizala, Power Apps, Microsoft Excel, Skype for Business, Microsoft Office, Microsoft Office [HL], Microsoft Office [ROW], Microsoft OneNote, Microsoft Outlook, Microsoft PowerPoint, Microsoft Word, Microsoft Planner, Microsoft Power BI, Microsoft SharePoint, Microsoft OneDrive, Microsoft Stream, Microsoft Teams, Microsoft To-Do, Microsoft Whiteboard, Yammer, Microsoft StaffHub, Zoom for Intune, Microsoft Lists, ServiceNow® Agent, Now® Mobile |
| Custom apps | None |

Data protection

| Name | Value |
| --- | --- |
| Prevent backup | Block |
| Send org data to other apps | All Apps |
| Save copies of org data | Allow |
| Transfer telecommunication data to | Any dialer app |
| Receive data from other apps | All Apps |
| Open data into Org documents | Allow |
| Allow users to open data from selected services | OneDrive for Business, SharePoint, Camera |
| Restrict cut, copy and paste between other apps | Any app |
| Cut and copy character limit for any app | 0 |
| Screen capture and Google Assistant | Enable |
| Approved keyboards | Not required |
| Encrypt org data | Require |
| Encrypt org data on enrolled devices | Require |
| Sync policy managed app data with native apps or add-ins | Allow |
| Restrict web content transfer with other apps | Microsoft Edge |
| Org data notifications | Allow |

Access requirements

| Name | Value |
| --- | --- |
| PIN for access | Not required |
| PIN type | Numeric |
| Simple PIN | Allow |
| Select minimum PIN length | 4 |
| Fingerprint instead of PIN for access (Android 6.0+) | Allow |
| Override fingerprint with PIN after timeout | Require |
| Timeout (minutes of inactivity) | 30 |
| Biometrics instead of PIN for access | Allow |
| PIN reset after number of days | No |
| Number of days | 0 |
| Select number of previous PIN values to maintain | 0 |
| App PIN when device PIN is set | Require |
| Work or school account credentials for access | Not required |
| Recheck the access requirements after (minutes of inactivity) | 15 |

1.1.2. Android_Unmanaged_APP
This policy is meant for unmanaged Android devices.

| Name | Value |
| --- | --- |
| Description | GLOSET0100 |
| Platform | Android |

Apps

| Name | Value |
| --- | --- |
| Target to apps on all device types | No |
| Device types | Unmanaged |
| Public apps | Adobe Acrobat Reader, Microsoft Edge, Microsoft Bookings, Power Automate, Azure Information Protection, Microsoft Launcher, Microsoft Kaizala, Power Apps, Microsoft Excel, Skype for Business, Microsoft Office, Microsoft Office [HL], Microsoft Office [ROW], Microsoft OneNote, Microsoft Outlook, Microsoft PowerPoint, Microsoft Word, Microsoft Planner, Microsoft Power BI, Microsoft SharePoint, Microsoft OneDrive, Microsoft Stream, Microsoft Teams, Microsoft To-Do, Microsoft Whiteboard, Yammer, Microsoft StaffHub, Zoom for Intune, Microsoft Lists, ServiceNow® Agent, Now® Mobile |
| Custom apps | None |

Data protection

| Name | Value |
| --- | --- |
| Prevent backups | Block |
| Send org data to other apps | Policy managed apps |
| Save copies of org data | Block |
| Allow user to save copies to selected services | OneDrive for Business, SharePoint |
| Transfer telecommunication data to | Any dialer app |
| Receive data from other apps | All Apps |
| Open data into Org documents | Allow |
| Allow users to open data from selected services | OneDrive for Business, SharePoint, Camera |
| Restrict cut, copy, and paste between other apps | Policy managed apps |
| Cut and copy character limit for any app | 0 |
| Screen capture and Google Assistant | Disable |
| Approved keyboards | Not required |
| Encrypt org data | Require |
| Encrypt org data on enrolled devices | Require |
| Sync policy managed app data with native apps or add-ins | Allow |
| Printing org data | Allow |
| Restrict web content transfer with other apps | Any app |
| Org data notifications | Allow |

Access requirements

| Name | Value |
| --- | --- |
| PIN for access | Require |
| PIN type | Numeric |
| Simple PIN | Block |
| Select minimum PIN length | 6 |
| Fingerprint instead of PIN for access (Android 6.0+) | Allow |
| Override fingerprint with PIN after timeout | Not required |
| Timeout (minutes of inactivity) | 0 |
| Biometrics instead of PIN for access | Allow |
| PIN reset after number of days | No |
| Number of days | 0 |
| Select number of previous PIN values to maintain | 0 |
| App PIN when device PIN is set | Require |
| Work or school account credentials for access | Not required |
| Recheck the access requirements after (minutes of inactivity) | 15 |

Conditional launch

| Name | Value |
| --- | --- |
| Max PIN attempts | 5 – Reset PIN |
| Offline grace period | 720 minutes – Block access |
| Offline grace period | 90 days – Wipe data |
| Disabled account | Wipe data |
| Jailbroken/rooted devices | Block access |
| Min OS version | 9.0 – Block Access |

1.1.3. iOS_Managed_APP
This policy is meant for managed iOS devices.

| Name | Value |
| --- | --- |
| Description | GLOSET0099 |
| Platform | iOS |

Apps

| Name | Value |
| --- | --- |
| Target to apps on all device types | No |
| Device types | Managed |
| Public apps | Adobe Acrobat Reader, Skype for Business, Microsoft Kaizala, Microsoft Power Apps, Microsoft Edge, Microsoft Excel, Microsoft Outlook, Microsoft PowerPoint, Microsoft Word, Microsoft Bookings, Microsoft Office, Microsoft OneNote, Microsoft Planner, Microsoft Power BI, Power Automate, Azure Information Protection, Microsoft SharePoint, Microsoft StaffHub, Microsoft OneDrive, Microsoft Teams, Microsoft Lists, Microsoft Stream, Microsoft To-Do, Microsoft Visio Viewer, Microsoft Whiteboard, Zoom for Intune, Yammer, Microsoft Lens, ServiceNow® Agent, Now® Mobile |
| Custom apps | net.beezy.store |

Data protection

| Name | Value |
| --- | --- |
| Prevent backups | Block |
| Send org data to other apps | All Apps |
| Select apps to exempt | Default: tel;telprompt;skype;app-settings;calshow;itms;itmss;itms-apps;itms-appss;itms-services; |
| Select universal links to exempt | http://maps.apple.com, https://maps.apple.com, http://facetime.apple.com, https://facetime.apple.com |
| Select managed universal links | http://*.sharepoint.com/* http://*.sharepoint-df.com/* http://*.yammer.com/* http://*.onedrive.com/* http://tasks.office.com/* http://to-do.microsoft.com/sharing* http://web.microsoftstream.com/video/* http://msit.microsoftstream.com/video/* http://*.powerbi.com/* http://app.powerbi.cn/* http://app.powerbigov.us/* http://app.powerbi.de/* http://*.service-now.com/* http://*.appsplatform.us/* http://*.powerapps.cn/* http://*.powerapps.com/* http://*.powerapps.us/* http://*teams.microsoft.com/l/* http://*devspaces.skype.com/l/* http://*teams.live.com/l/* http://*collab.apps.mil/l/* http://*teams.microsoft.us/l/* http://*teams-fl.microsoft.com/l/* http://*.zoom.us/* http://zoom.us/* https://*.sharepoint.com/* https://*.sharepoint-df.com/* https://*.yammer.com/* https://*.onedrive.com/* https://tasks.office.com/* https://to-do.microsoft.com/sharing* https://web.microsoftstream.com/video/* https://msit.microsoftstream.com/video/* https://*.powerbi.com/* https://app.powerbi.cn/* https://app.powerbigov.us/* https://app.powerbi.de/* https://*.service-now.com/* https://*.appsplatform.us/* https://*.powerapps.cn/* https://*.powerapps.com/* https://*.powerapps.us/* https://*teams.microsoft.com/l/* https://*devspaces.skype.com/l/* https://*teams.live.com/l/* https://*collab.apps.mil/l/* https://*teams.microsoft.us/l/* https://*teams-fl.microsoft.com/l/* https://*.zoom.us/* https://zoom.us/* |
| Save copies of org data | Allow |
| Transfer telecommunication data to | Any dialer app |
| Receive data from other apps | All Apps |
| Open data into Org documents | Allow |
| Allow users to open data from selected services | OneDrive for Business, SharePoint, Camera |
| Restrict cut, copy, and paste between other apps | Any app |
| Cut and copy character limit for any app | 0 |
| Third party keyboards | Allow |
| Encrypt org data | Require |
| Sync policy managed app data with native apps or add-ins | Allow |
| Printing org data | Allow |
| Restrict web content transfer with other apps | Microsoft Edge |
| Org data notifications | Allow |

Access requirements

| Name | Value |
| --- | --- |
| PIN for access | Not required |
| PIN type | Numeric |
| Simple PIN | Allow |
| Select minimum PIN length | 4 |
| Touch ID instead of PIN for access (iOS 8+/iPadOS) | Allow |
| Override biometrics with PIN after timeout | Require |
| Timeout (minutes of inactivity) | 30 |
| Face ID instead of PIN for access (iOS 11+/iPadOS) | Allow |
| PIN reset after number of days | No |
| Number of days | 0 |
| App PIN when device PIN is set | Require |
| Work or school account credentials for access | Not required |
| Recheck the access requirements after (minutes of inactivity) | 15 |

Conditional launch

| Name | Value |
| --- | --- |
| Offline grace period | 720 minutes – Block Access |
| Offline grace period | 90 days – Wipe data |
| Disabled account | Wipe data |
| Jailbroken/rooted devices | Block access |
| Min OS version | 14.0 – Block Access |

1.1.4. iOS_Unmanaged_APP
This policy is meant for unmanaged iOS devices.

| Name | Value |
| --- | --- |
| Description | GLOSET0101 |
| Platform | iOS/iPadOS |

Apps

| Name | Value |
| --- | --- |
| Target to apps on all device types | No |
| Device types | Unmanaged |
| Public apps | Adobe Acrobat Reader, Skype for Business, Microsoft Kaizala, Microsoft Power Apps, Microsoft Edge, Microsoft Excel, Microsoft Outlook, Microsoft PowerPoint, Microsoft Word, Microsoft Bookings, Microsoft Office, Microsoft OneNote, Microsoft Planner, Microsoft Power BI, Power Automate, Azure Information Protection, Microsoft SharePoint, Microsoft StaffHub, Microsoft OneDrive, Microsoft Teams, Microsoft Lists, Microsoft Stream, Microsoft To-Do, Microsoft Visio Viewer, Microsoft Whiteboard, Zoom for Intune, Yammer, Microsoft Lens, ServiceNow® Agent, Now® Mobile |
| Custom apps | None |

Data protection

| Name | Value |
| --- | --- |
| Prevent backups | Block |
| Send org data to other apps | Policy managed apps with Open-In/Share filtering |
| Select apps to exempt | Default: tel;telprompt;skype;app-settings;calshow;itms;itmss;itms-apps;itms-appss;itms-services; |
| Select universal links to exempt | http://maps.apple.com, https://maps.apple.com, http://facetime.apple.com, https://facetime.apple.com |
| Select managed universal links | http://*.sharepoint.com/* http://*.sharepoint-df.com/* http://*.yammer.com/* http://*.onedrive.com/* http://tasks.office.com/* http://to-do.microsoft.com/sharing* http://web.microsoftstream.com/video/* http://msit.microsoftstream.com/video/* http://*.powerbi.com/* http://app.powerbi.cn/* http://app.powerbigov.us/* http://app.powerbi.de/* http://*.service-now.com/* http://*.appsplatform.us/* http://*.powerapps.cn/* http://*.powerapps.com/* http://*.powerapps.us/* http://*teams.microsoft.com/l/* http://*devspaces.skype.com/l/* http://*teams.live.com/l/* http://*collab.apps.mil/l/* http://*teams.microsoft.us/l/* http://*teams-fl.microsoft.com/l/* http://*.zoom.us/* http://zoom.us/* https://*.sharepoint.com/* https://*.sharepoint-df.com/* https://*.yammer.com/* https://*.onedrive.com/* https://tasks.office.com/* https://to-do.microsoft.com/sharing* https://web.microsoftstream.com/video/* https://msit.microsoftstream.com/video/* https://*.powerbi.com/* https://app.powerbi.cn/* https://app.powerbigov.us/* https://app.powerbi.de/* https://*.service-now.com/* https://*.appsplatform.us/* https://*.powerapps.cn/* https://*.powerapps.com/* https://*.powerapps.us/* https://*teams.microsoft.com/l/* https://*devspaces.skype.com/l/* https://*teams.live.com/l/* https://*collab.apps.mil/l/* https://*teams.microsoft.us/l/* https://*teams-fl.microsoft.com/l/* https://*.zoom.us/* https://zoom.us/* |
| Save copies of org data | Allow |
| Allow user to save copies to selected services | OneDrive for Business, SharePoint |
| Transfer telecommunication data to | Any dialer app |
| Receive data from other apps | All Apps |
| Open data into Org documents | Allow |
| Allow user to save copies from selected services | OneDrive for Business, SharePoint, Camera |
| Restrict cut, copy, and paste between other apps | Policy managed apps |
| Cut and copy character limit for any app | 0 |
| Third party keyboards | Allow |
| Encrypt org data | Require |
| Sync policy managed app data with native apps or add-ins | Allow |
| Printing org data | Allow |
| Restrict web content transfer with other apps | Any app |
| Org data notifications | Allow |

Access requirements

| Name | Value |
| --- | --- |
| PIN for access | Require |
| PIN type | Numeric |
| Simple PIN | Block |
| Select minimum PIN length | 6 |
| Touch ID instead of PIN for access (iOS 8+/iPadOS) | Allow |
| Override biometrics with PIN after timeout | Not required |
| Timeout (minutes of inactivity) | 0 |
| Face ID instead of PIN for access (iOS 11+/iPadOS) | Allow |
| PIN reset after number of days | No |
| Number of days | 0 |
| App PIN when device PIN is set | Require |
| Work or school account credentials for access | Not required |
| Recheck the access requirements after (minutes of inactivity) | 15 |

Conditional launch

| Name | Value |
| --- | --- |
| Max PIN attempts | 5 – Reset PIN |
| Offline grace period | 720 minutes – Block Access |
| Offline grace period | 90 days – Wipe data |
| Disabled account | Wipe data |
| Jailbroken/rooted devices | Block access |
| Min OS version | 14.0 – Block Access |
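
The managed and unmanaged policies above differ mainly in their data-transfer and PIN settings. The following Python check is an added example, not part of the original document: it encodes those rows as recorded in the four tables and tests each unmanaged policy against a baseline assumed from Android_Unmanaged_APP and from the stated goal of preventing file download on unmanaged devices. The short setting keys are hypothetical names for the table rows.

```python
# Added example. Keys are hypothetical short names for the table rows; values are
# transcribed from the four policy tables on this page.
FIELDS = ("send_org_data", "save_copies", "clipboard", "pin", "simple_pin", "min_pin_len")


def row(*values):
    return dict(zip(FIELDS, values))


POLICIES = {
    ("Android", "managed"): row("All Apps", "Allow", "Any app", "Not required", "Allow", 4),
    ("Android", "unmanaged"): row("Policy managed apps", "Block", "Policy managed apps",
                                  "Require", "Block", 6),
    ("iOS", "managed"): row("All Apps", "Allow", "Any app", "Not required", "Allow", 4),
    ("iOS", "unmanaged"): row("Policy managed apps with Open-In/Share filtering", "Allow",
                              "Policy managed apps", "Require", "Block", 6),
}

# Assumed baseline for unmanaged devices, taken from Android_Unmanaged_APP and the
# page's stated goal of preventing file download on unmanaged devices.
UNMANAGED_RULES = {
    "send_org_data": lambda v: v.startswith("Policy managed apps"),
    "save_copies": lambda v: v == "Block",
    "clipboard": lambda v: v.startswith("Policy managed apps"),
    "pin": lambda v: v == "Require",
    "simple_pin": lambda v: v == "Block",
    "min_pin_len": lambda v: v >= 6,
}


def audit_unmanaged(policies):
    """Return (platform, setting, value) for each unmanaged setting that misses the baseline."""
    return [(platform, name, settings[name])
            for (platform, kind), settings in sorted(policies.items()) if kind == "unmanaged"
            for name, ok in UNMANAGED_RULES.items() if not ok(settings[name])]


def tightened(policies, platform):
    """Settings whose value differs between the managed and unmanaged policy of a platform."""
    managed, unmanaged = policies[(platform, "managed")], policies[(platform, "unmanaged")]
    return {n: (managed[n], unmanaged[n]) for n in FIELDS if managed[n] != unmanaged[n]}


if __name__ == "__main__":
    for finding in audit_unmanaged(POLICIES):
        print("baseline miss:", finding)
    for platform in ("Android", "iOS"):
        print(platform, "tightened:", sorted(tightened(POLICIES, platform)))
```

With the values as recorded on this page, the only baseline miss is the iOS unmanaged policy, where Save copies of org data is listed as Allow.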