App Configuration Policy -Name/Values for SCA
Overview
The Secure Contacts App (SCA) supports configuration through App Configuration Policies provided by any Mobile Device Management (MDM) solution. With these policies, administrators can customize app features, apply licenses, and specify which data sources SCA uses for contact synchronization.
Microsoft Intune is one common example of an MDM system that can deliver these policies, but SCA works with any MDM platform that supports standard key–value configuration.
By assigning the appropriate key–value pairs, you can centrally manage how SCA behaves across your organization.
Main Configuration Keys
Below is an overview of the most commonly used configuration keys in SCA. Each key controls a specific feature or integration.
Customize app features and change default behavior.
Apply the app license.
Use Azure AD groups as separate contact sources within SCA.
Connect Microsoft Dataverse (DVRS) to use contacts stored by apps built on the Dataverse platform (e.g. Dynamics 365, Power Apps, etc.).
Connect Azure Blob Storage (ABS) to use contacts exported from any app (including on-premises) via CSV/JSON using the SCA Blob Storage connector.
Use Exchange Online shared mailboxes as an optional data source for contacts.
Rename any data source or ID in SCA to a more descriptive, user-friendly name.
A sample configuration for your App Configuration Policy could look like this:

Best Practice
Start with SecContacts.Defaults to configure the basic app behavior that fits your organization.
Apply SecContacts.Licenses early so users are properly licensed from the start.
Use SecContacts.AADGroups if you want to organize your Azure AD groups as separate contact sources within SCA.
Apply CustomDatasourceNames to give your data sources clear and user-friendly names.
Add ServiceUrls, AzureBlobStorage, or SharedMailboxContacts only if you need extra contact sources beyond Azure AD.
When you make changes to your app configuration, it may take some time for the updates to be applied to the device.
For apps protected by Intune App Protection Policies (MAM without device enrollment), app configuration and protection policy updates are typically applied within about an hour. To force immediate application, the user must log out and log back in or manually sync via the Company Portal.
Last updated
Was this helpful?