App Configuration Policy -Name/Values for SCA

Overview

The Secure Contacts App (SCA) supports configuration through App Configuration Policies provided by any Mobile Device Management (MDM) solution. With these policies, administrators can customize app features, apply licenses, and specify which data sources SCA uses for contact synchronization.

Microsoft Intune is one common example of an MDM system that can deliver these policies, but SCA works with any MDM platform that supports standard key–value configuration.

By assigning the appropriate key–value pairs, you can centrally manage how SCA behaves across your organization.

Main Configuration Keys

Below is an overview of the most commonly used configuration keys in SCA. Each key controls a specific feature or integration.

Configuration Key

Purpose

SecContacts.Defaults

Customize app features and change default behavior.

SecContacts.Licenses

Apply the app license.

SecContacts.AADGroups

Use Azure AD groups as separate contact sources within SCA.

SecContacts.ServiceUrls

Connect Microsoft Dataverse (DVRS) to use contacts stored by apps built on the Dataverse platform (e.g. Dynamics 365, Power Apps, etc.).

SecContacts.AzureBlobStorage

Connect Azure Blob Storage (ABS) to use contacts exported from any app (including on-premises) via CSV/JSON using the SCA Blob Storage connector.

SecContacts.SharedMailboxContacts

Use Exchange Online shared mailboxes as an optional data source for contacts.

SecContacts.CustomDatasourceNames

Rename any data source or ID in SCA to a more descriptive, user-friendly name.

A sample configuration for your App Configuration Policy could look like this:

Best Practice

Start with SecContacts.Defaults to configure the basic app behavior that fits your organization.
Apply SecContacts.Licenses early so users are properly licensed from the start.
Use SecContacts.AADGroups if you want to organize your Azure AD groups as separate contact sources within SCA.
Apply CustomDatasourceNames to give your data sources clear and user-friendly names.
Add ServiceUrls, AzureBlobStorage, or SharedMailboxContacts only if you need extra contact sources beyond Azure AD.

When you make changes to your app configuration, it may take some time for the updates to be applied to the device.

For apps protected by Intune App Protection Policies (MAM without device enrollment), app configuration and protection policy updates are typically applied within about an hour. To force immediate application, the user must log out and log back in or manually sync via the Company Portal.

Note: This delay applies only to MAM (app protection) scenarios. For fully enrolled MDM devices, app configuration and compliance policies are delivered through the device management channel and usually apply much faster. The delay with MAM is expected behavior and not an error.

PreviousDeployment Android MDM - Managed Device NextSCA Configuration - SecContacts.Defaults

Last updated 5 hours ago

Was this helpful?