App Protection Policy in Intune App Protection

Intune – Mobile Device Management – App Protection Policy in Intune App Protection

Scenario – We want to securely publish a corporate app (OneDrive) to users who will be using their own mobile ( iOS) devices. We want to protect the corporate data used in the app and establish authentication before accessing it. Users should not be able to copy and paste data directly from the app on to their own device.

We need to create an an App Protection Policy in Intune App Protection.

For more in-depth detail:

https://docs.microsoft.com/en-us/mem/intune/apps/apps-add

https://docs.microsoft.com/en-us/mem/intune/apps/apps-deploy

https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-ios

Create an App Protection Policy

  1. From the main Intune App Protection Home Screen: Select App protection policies -> Create policy -> iOS/iPadOS

  2. Fill out the Name and Description screen and then click Next.

  3. Select Unmanaged Apps in the Device Types drop down menu and select the Onedrive App in the Public apps section. Click Next

  4. On the Data Protection Screen you can select from several controls on what users can and cannot do with the corporate data that the App access. Work with your IT Security and Data Protection team  to understand what their requirements are. Click Next

  5. The Access Requirements screen allows you to add a layer of authentication to opening the App on the users own device. You can choose between various PIN types and options – again work with your IT Security teams on what they require. Click Next

    or

  6. The Conditional launch screen allows you to be more granular on what conditions the Device and the App have to meet for the App to be launched (Min OS and Max PIN attempts for example). Click Next.

  7. On the Assignments Page Select the Group who you want to apply this policy to and then click Next.

  8. Review your setting on the Review + Create Screen and then click Create

Read More

Office 365, Legacy Applications and MFA

Some legacy applications don’t support MFA. This is a solution to enable the apps to continue to function when MFA is enabled for a user in Office365.

How to create a “Additional Security Verification App Passwords”

Browse to https://portal.office.com/account/

Click “Security & Privacy” then click “Manage Security and Privacy”

Expand / Click on “Additional Security Verification”

Click “Create and manage app passwords”

Click “Create”

Enter a Name , example “Diary Sync” and click “Next”

Click “copy password to clipboard” (YOU NEED THIS PASSWORD)

(password above example only)

Some might get this error. Copy the password. (short cut to copy > Ctrl +A, then Ctrl + C)

(password above example only)

Click “Close”

You now have an application password which you can use with your legacy application without MFA causing any integration problems

Secured By miniOrange