How to set up App Protection Policies in Microsoft Intune
HTML-код
- Опубликовано: 26 июл 2024
- How to set up App Protection Policies in Microsoft Intune
In this video, I show you how to set App Protection Policies in Microsoft Intune. App protection policies (APP) are rules that ensure an organization's data remains safe or contained in a managed app. I will also show you a few examples of an App Protection Policy in action using an iPad.
Note: For Android, you will need the Microsoft Intune Company Portal app installed. Users will also need to be assigned an Intune license for app protection policies to work.
//Timestamps:
00:00 Intro
02:22 Create an App Protection Policy
09:18 End User Experience for App Protection Policies
12:03 Outro
//Resources
App Protection Policies Overview
docs.microsoft.com/en-us/mem/...
Create App Protection Policy
docs.microsoft.com/en-us/mem/...
Application supported by Microsoft Intune
docs.microsoft.com/en-us/mem/...
//Disclaimer
As full disclosure, I work at Microsoft as a full-time employee.
//Tags
#MicrosoftIntune #Intune #MicrosoftMEM #MSFTIntune 
Наука
![Finesse2Tymes - Pretty Ricky [Official Music Video]](http://i.ytimg.com/vi/xIoP_mhYRT0/mqdefault.jpg)
![How to protect data and secure devices with Intune [App Protection Policy] 📱🔒](/img/1.gif)
I hope you enjoy this video on how to set up App Protection Policies in Microsoft Intune.
Let me know in the comments other topics you want me to cover!
//Timestamps:
00:00 Intro
02:22 Create an App Protection Policy
09:18 End User Experience for App Protection Policies
12:03 Outro
Best One, wish you deserve more subscription.
@@whitehack8375 thank you!! Glad you enjoyed it. Hopefully my channel will continue to grow. Have a good new year.
Nice to see someone explaining the basics clearly, without going into all kinds of technical stuff.
Great job!
Glad you liked it! Appreciate you watching and commenting.
I was confused and you made it clear. Thank you very much.
Glad this video was able to help :)
Just watched 2nd video from intune library,app protection policy is awesome, trying to complete all videos today and tomorrow
Amazing!! Enjoy - great to have you here and supporting the videos.
Really razor-sharp information and clear explanations and walkthroughs
Hey Harry, your videos are extremely helpful. Just wanted to let you know it is highly appreciated. I think you fill a nice niche in the O365 youtuber space. Great tutorials with minimal technical explanations just to get everyone onboard with the logic is great. Thanks again!
You're a brilliant tutor. Great stuff!
😊 thank you 🙏🏻
Easy to understand, great and clear content, thank you!
Thank you, Robert. I'm glad this video was helpful. I also appreciate the feed about it being clear!
Thank you Harry for the great video tutorial.
Thanks Kirby - glad it could help!
Cool, excellent
Thank you! Cheers!
Thanks for the info... very useful!
You bet! glad it helped.
Great tutorial and great explantations, keep it up!
Thanks for the kind words. I certainly will!
Thank you good sir! excellent video
You are welcome! Thanks for the feedback. I’m glad you enjoyed it. Let me know if there are any other topics you would like me to cover.
Hi Harry,
A very nice video to learn intune with ease. Would it be possible to have some videos related to troubleshooting.
Excellent!!!
Thank you!
Hey Harry, love your delivery on videos, very concise yet comprehensive! I'm curious to know because I've been learning intune, for BYOD I've learned that MAM is the way to go. Is that just app protection policies together with conditional access policies, or is there something more to this? Also, for BYOD Laptops (not my choice), would this also be the same approach? Would auto enrollment of personal devices be discouraged, or would automatic windows enrollment in conjunction with app policies and some light configuration policies be recommended? Perhaps a lot of questions, but it will give me so much clarity!
Excellent
Thanks Emon! Happy new year.
Thanks for the videos. Clear and helpful. I have a question and can't find the answer; Do you need apple business manager setup or can you use a personal iTunes account? The documents seem really unclear to me. I feel business manager is a better choice, but need it setup sooner than later, wondered if I can swap afterwards if a personal account is supported. Thanks
Fantastic video. Microsoft could take a couple tips on how to make a good Azure demo video from you. Never stop.
Thanks, Chris!! Appreciate the kind words. Out of interest, what part of my demoing stood out to you? I want to make sure I keep doing what works :)
@@HarryLowtonIT You slowly went into InTune and stepped through each screen of InTune . People just click through them very fast. You took your time and clearly explained each part. Then finally with the user experience to see what the it looks like in practice. So tired of people just talking about the benefits of each resource in azure for 10 minutes and a 90 second tutorial where assume everything is already configured perfectly.
Example of horrible demo: ruclips.net/video/6UDePj5newo/видео.html
They didn't even put the blog link in the description. We work with Azure gov, so we spent hours on hours trying to find configuration info for our resources.
@@chrismcclure4264 thanks, for taking the time to respond. It was beneficial. I will for sure keep the tutorials coming!
Not sure if you already have covered these in other videos but would like to see you do some content regarding Endpoint Manager / Device config policies & endpoint security.
Great question. I do not have a public video with this video topic, but I will put it on the list! Let me know if there is a specific policy or area of endpoint security you would like me to cover.
Thank Harry, for the amazing content. Please can you explain how you sign in to your iPhone to see the protected Apps? I created an App Protection Policy for Android users and I try using Intune Company Portal from my phone to log in, but I could not see any app. PLEASE KINDLY EXPLAIN THAT PART YOU LOGIN TO YOUR PHONE. THANKS
Fantastic explanations, I have learned a lot, thank you. One question regarding the security measures: for example you cannot copy text from your corporate apps to your private Gmail. Which is a great feature and makes sense. How about taking screenshots though? Screenshots will be then stored on your device. Is not that a security breach? What is your thought on this? Many thanks
would anyone happen to know how to edit the policy names after creating them? great videos !!
Harry, The way you explained is really pretty. I have tried those policies in a test environment and it’s working perfect. But, in the same device if they use google chrome or any other browser to access the web outlook,then these policies are not working. They are able to copy data to all services. Please give me a solution for this.
Also please tell us where can i access all of your in-tune videos from scratch to expert.
Expecting reply from you.
As I was watching the video just now, I thought this would be an issue!
Hi Harry, what is the least privilege role needed to configure policy in app protection?
On ios devices BYOD, how do you keep from screenshots? Keeping from copy-paste works but the user is still able to screenshot. Is there a way to block it? On fully managed without removing the camera, does screenshot still work on managed apps?
Hi harry ready to learn more about intune
Hi - awesome, glad to have you here. Let me know if there are any topics you are interested in.
@@HarryLowtonIT sure... I'll let you know
@@sahithsahadevan6658 Sound good! have a great week
Harry,
Is the app protection policy user-based or devices base? What happens if a user has two devices? Will the policy only affect 1?
Hey man, this is the 10th video im watching for app protection policies and not a single one has talked about the unmanaged windows policies and specifically the custom apps section. Would be great if you could cover that in a video.
You make a great point to keep this video short I left out the Windows side. I'm going to put that video idea on the list now :) Thanks for the feedback.
Is it true that for Android it is required to use the Company Portal in order to let this the Protection policy work? If i don't use the Company Portal the app in the apps are just working as usual without policies. Or do I need to configure a CA to only allow corporate apps via CP?
I am struggling with allowing users the ability paste into third party Apps we approve. I thought that adding the app to the exclusion "select apps to exempt" would be the solution but that doesn't seem to work.. not sure if anyone else has experienced this?
how to force user to sign in to the iOS edge browser mobile app by intune, before allowing them to access any sites
Is it possible to sync the O365 GAL to native contacts, when using App Protection Policies, on ios and android.? If not, how would we accomplish being able to sync the GAL to native contacts on ios and android? We also noticed that on Android it does not show the phone number for the contacts, inside the outlook app search. Any advice or recommendations are greatly appreciated.
Hey - you can use the setting Sync policy managed app data with native apps - from intune app protection policy
docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-iOS
When deploying outlook you can enable save contact
docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune
docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune#configure-contact-field-sync-to-native-contacts-for-outlook-for-ios-and-android
Hello,
Has anyone here used the Conditional access policy over App protection policy via Intune? If yes why and which one is recommended?
Just wanted to understand pros and cons of both and which one would be recommended to keep data safe and secure on users personal mobile devices.
Question - How does this work if a phone has a screenshot feature? Does the policy also block that?
What if someone takes a screenshot of the corp. data through teams or outlook? Will this action also be blocked?
I cant change target device from all to selected like unmanaged devices
Is it possible in Microsoft Intune to set up this policy that every time a user wants to download, copy, or delete something, the admin has to get the notification and grant the permission?
Is that true that the company that i work in can see my chats in whatsapp and conversations and Safari history and details snapchat and my photos in my Iphone ?
explain to us : app configuration policy in Microsoft Intune
Is it possible for an Intune administrator to prevent users from installing applications with a password, so that if a user wants to install an application or software, the administrator must approve or enter the password? Please provide the settings if they are present.
What is difference between app wrapping and app protection policy
Hi Ravish, Happy new year. This is a good question, App wrapping lets you take a LOB application and make it aware of Intune app protection policies to protect your corporate data. So app protection policy is the controls to enforce security on data and app wrapping prepares and application to make use of these policies. I hope that helps! docs.microsoft.com/en-us/mem/intune/developer/apps-prepare-mobile-application-management
I have been testing the device configuration policies in 3 physical devices.
Among the 3 devices, only 1 device seems to be accepting all policies.
Two of them is not accepting all the policies. As this is the case I think the issue is device specific. What could be the reason?
Android or iOs?
Will APP block screen capture?