# Deployment iOS MDM - Managed Device & APP

Implement SCA for your devices managed with Microsoft Endpoint Manager.\
Our app can be deployed automatically as an iOS Store app or as a Volume Purchase Program app.

### App Configuration Policy <a href="#app-configuration-policy" id="app-configuration-policy"></a>

It is mandatory to configure an App Configuration Policy for SCA on your managed devices.

1. Log in to Endpoint Manager with your admin account
2. Go to Apps → App configuration policies or follow this link:\
   [App configuration policies - Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/#view/Microsoft_Intune_DeviceSettings/AppsMenu/~/appConfig)
3. Click on **Add** → **Managed devices**<br>

   <div align="left"><figure><img src="https://3880789596-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4v109br9tFl1Rxk2qP0x%2Fuploads%2F651GGiiqqrKvH880ZXue%2Fimage.png?alt=media&#x26;token=a5048445-122a-4c22-89e7-fe1364a0e839" alt=""><figcaption></figcaption></figure></div>
4. Enter a **Name** for the App configuration policy, e.g. “Secure Contacts App Configuration Managed”
5. Add “Secure Contacts”: under *Targeted app*, click **Select app (1)**, search for “Secure Contacts”, select the app **(2)** and click on **OK (3)**
6. Click on **Next**
7. In the Settings pane, for *Configuration settings format*, choose **Use configuration designer**
8. A full list of all configuration values can be found in the documentation: [AppConfigurationPolicy Name-Values for SCA](#app-configuration-policy)
9. Click on **Next**
10. In the Assignments pane, click **Add group** under *Included groups* and choose your SCA test group with **Select**.
11. Click on **Next** after adding the SCA test group
12. In the *Review + create* pane click on **Create**


### App Protection Policy <a href="#app-protection-policy" id="app-protection-policy"></a>

You can add SCA to your existing App Protection Policies or add a new one for testing.

1. Go to [App protection policies - Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/#view/Microsoft_Intune_DeviceSettings/AppsMenu/~/appProtection) and log in with your credentials
2. Click on **Create policy** and select **iOS/iPadOS**
3. Enter a Name for your Policy e.g. “Secure Contacts App Protection Policy Managed”
4. Click **Next**
5. In the Apps pane, change *Target to apps on all device types* to **No**
6. Select the box **Managed** for *Device types*<br>

   <figure><img src="https://3880789596-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4v109br9tFl1Rxk2qP0x%2Fuploads%2Fwyz3lOTbdfWxf3OzXNoY%2Fimage.png?alt=media&#x26;token=b2ad3332-7fb6-4f23-b687-d7527ba4de24" alt=""><figcaption></figcaption></figure>
7. Click on **+ Select public apps** and search for “Secure Contacts”
8. Select the app and confirm with **Select**
9. Click **Next** on the Apps pane
10. Continue configuring the App Protection Policy as recommended by Microsoft
11. Finish the setup by clicking on **Create**

### Conditional Access Policy <a href="#conditional-access-policy" id="conditional-access-policy"></a>

1. Go to Endpoint security → Conditional access or follow this link:\
   [Conditional Access - Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/#view/Microsoft_AAD_IAM/ConditionalAccessBlade/~/Policies)
2. Click on **New policy** to create a new Conditional Access policy
3. Enter a Name for the Policy e.g. “Secure Contacts Conditional Access Policy”
4. Go to ***Users or workload identities*** in *Assignments*
5. *Include* your SCA test group under **Users and Groups**\
   \
   ![](https://3880789596-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4v109br9tFl1Rxk2qP0x%2Fuploads%2FnpgdaEu2ZS0cB2PC7YTL%2Fimage.png?alt=media\&token=51c9403a-fc43-4d44-8c68-8e76b8374348)<br>
6. Go to ***Cloud apps or actions*** in *Assignments*
7. *Include* the cloud apps **Office 365** and **Secure Contacts**\
   \
   ![](https://3880789596-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4v109br9tFl1Rxk2qP0x%2Fuploads%2FsjmqXsy3xPO3E3k7yS8U%2Fimage.png?alt=media\&token=4649837b-d978-40e0-b79b-6438f8d97535)<br>
8. Set the conditions that are mandatory for your environment, e.g. for the *Client apps* condition, tick the value *Mobile apps and desktop clients*
9. Go to *Grant* in the *Access controls* pane
10. Set **Require app protection policy**\
    \
    ![](https://3880789596-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4v109br9tFl1Rxk2qP0x%2Fuploads%2FOaqqEnZrsC3rr9qwPUIX%2Fimage.png?alt=media\&token=87d5158b-c31f-4fab-ba7b-a8ebee6a0d9c)<br>
11. Set *Enable Policy* to **On**
12. Click on **Create**

{% hint style="info" %}
According to Microsoft, it is **mandatory** to target **Office 365** and **Secure Contacts** as cloud apps in your Conditional Access Policy in order to correctly implement SCA.\
It is required to add **Office 365** as a cloud app, because our Enterprise Application\
(Provectus - Secure Contacts) uses these data sources.
{% endhint %}
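
To confirm that a created policy really matches the steps and the hint above, the following added example (not part of the original documentation or the vendor's tooling) audits a Conditional Access policy exported in the Microsoft Graph `conditionalAccessPolicy` JSON shape. The app and group IDs and the sample policy are constructed placeholders; replace them with the object IDs from your tenant.

```python
import json

# Constructed placeholder IDs: the page gives no object IDs, use your tenant's.
SCA_APP_ID = "00000000-0000-0000-0000-0000000000a1"
SCA_GROUP_ID = "00000000-0000-0000-0000-0000000000b2"

# Constructed sample in the Graph conditionalAccessPolicy JSON shape.
SAMPLE_POLICY = json.loads("""
{
  "displayName": "Secure Contacts Conditional Access Policy",
  "state": "enabled",
  "conditions": {
    "users": {"includeGroups": ["00000000-0000-0000-0000-0000000000b2"]},
    "applications": {"includeApplications":
        ["Office365", "00000000-0000-0000-0000-0000000000a1"]},
    "clientAppTypes": ["mobileAppsAndDesktopClients"]
  },
  "grantControls": {"operator": "OR", "builtInControls": ["compliantApplication"]}
}
""")


def audit_policy(policy, app_id=SCA_APP_ID, group_id=SCA_GROUP_ID):
    """Return findings; an empty list means the policy matches the steps above."""
    findings = []
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    grant = policy.get("grantControls") or {}
    if policy.get("state") != "enabled":  # report-only is not "On"
        findings.append("policy is not enabled")
    if group_id not in (users.get("includeGroups") or []) \
            and "All" not in (users.get("includeUsers") or []):
        findings.append("SCA group is not included")
    included = set(apps.get("includeApplications") or [])
    excluded = set(apps.get("excludeApplications") or [])
    for name, app in (("Office 365", "Office365"), ("Secure Contacts", app_id)):
        if app in excluded or not ({"All", app} & included):
            findings.append(f"{name} is not targeted as a cloud app")
    controls = grant.get("builtInControls") or []
    if "compliantApplication" not in controls:  # "Require app protection policy"
        findings.append("'Require app protection policy' is not set")
    elif len(controls) > 1 and grant.get("operator") == "OR":
        findings.append("app protection is only one of several OR alternatives")
    return findings


if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY) or "policy matches the documented steps")
```

A policy left in report-only state, or one that lists only Secure Contacts without Office 365, is reported as a finding rather than passing silently.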
