# App Configuration Policy -Name/Values for SCA ### Overview The **Secure Contacts App (SCA)** supports configuration through **App Configuration Policies** provided by any Mobile Device Management (MDM) solution.\ With these policies, administrators can **customize app features, apply licenses, and specify which data sources SCA uses for contact synchronization**. > Microsoft Intune is one common example of an MDM system that can deliver these policies, but SCA works with **any MDM platform** that supports standard key–value configuration. By assigning the appropriate key–value pairs, you can centrally manage how SCA behaves across your organization. ### Main Configuration Keys Below is an overview of the most commonly used configuration keys in SCA. Each key controls a specific feature or integration.

Configuration Key	Purpose
SecContacts.Defaults	Customize app features and change default behavior.
SecContacts.Licenses	Apply the app license.
SecContacts.AADGroups	Use Azure AD groups as separate contact sources within SCA.
SecContacts.ServiceUrls	Connect Microsoft Dataverse (DVRS) to use contacts stored by apps built on the Dataverse platform (e.g. Dynamics 365, Power Apps, etc.).
SecContacts.AzureBlobStorage	Connect Azure Blob Storage (ABS) to use contacts exported from any app (including on-premises) via CSV/JSON using the SCA Blob Storage connector.
SecContacts.SharedMailboxContacts	Use Exchange Online shared mailboxes as an optional data source for contacts.
SecContacts.CustomDatasourceNames	Rename any data source or ID in SCA to a more descriptive, user-friendly name.

A sample configuration for your App Configuration Policy could look like this:

Note: This is just an example for illustration

### Best Practice * Start with [**SecContacts.Defaults**](https://docs.secure-contacts.com/documentation/app-configuration-policy-name-values-for-sca/sca-configuration-seccontacts.defaults) to configure the basic app behavior that fits your organization. * Apply [**SecContacts.Licenses**](https://docs.secure-contacts.com/documentation/app-configuration-policy-name-values-for-sca/sca-configuration-seccontacts.licenses) early so users are properly licensed from the start. * Use [**SecContacts.AADGroups**](https://docs.secure-contacts.com/documentation/app-configuration-policy-name-values-for-sca/sca-configuration-aad-filters-and-groups-1) if you want to organize your Azure AD groups as **separate contact sources** within SCA. * Apply [**CustomDatasourceNames**](https://docs.secure-contacts.com/documentation/app-configuration-policy-name-values-for-sca/sca-configuration-seccontacts.customdatasourcenames) to give your data sources clear and user-friendly names. * Add [**ServiceUrls**](https://docs.secure-contacts.com/documentation/sca-configuration-connect-additional-datasource#seccontacts.serviceurls), [**AzureBlobStorage**](https://docs.secure-contacts.com/documentation/sca-configuration-connect-additional-datasource#seccontacts.azureblobstorage), or [**SharedMailboxContacts**](https://docs.secure-contacts.com/documentation/sca-configuration-connect-additional-datasource#seccontacts.sharedmailboxcontacts) only if you need extra contact sources beyond Azure AD. {% hint style="success" %} When you make changes to your app configuration, it may take some time for the updates to be applied to the device. For apps protected by **Intune App Protection Policies (MAM without device enrollment)**, app configuration and protection policy updates are **typically applied within about an hour**. To force immediate application, the user must **log out and log back in** or **manually sync via the Company Portal**. {% endhint %} {% hint style="info" %} **Note:** This delay applies only to **MAM (app protection) scenarios**. For fully enrolled **MDM devices**, app configuration and compliance policies are delivered through the device management channel and usually apply much faster. The delay with MAM is expected behavior and not an error. {% endhint %}