Step 3 -aMAM- Add App Protection Policy

SCA supports the core Intune App Protection Policy settings and is capable of supporting advanced App Protection Policy and App Configuration Policy settings.

For more information about App Protection policies, you can check out Microsoft Docs. App protection policies overview | Microsoft Docs

2.1 - Create an App Protection Policy in Microsoft Intune.

2.2 - Add de.provectus.securecontacts.droid as Custom App to your App Protection Policies

2.3 - Configure the setting for Send org data to other apps at least with the restrictive option e.g. Policy managed apps in the Data protection-pane for App Protection Policies.

2.4 - Add for the setting “Select apps to exempt” we recommend the following Name/Values for testing.

Name

Value

phonecall

tel

sms

smsto

mailto

CallSimulator

com.android.server.telecom

PermissionController

com.google.android.permissioncontroller

LocalContactsSync

com.google.android.dialer

App Protection Policy blocks all comunication. SCA needs this mandatory settings to work: phonecall - App requires this to open your phone-app sms - App requires this to open your message-app email - App requires this to open your mail-app PermissionController - App requires this to add permissions in Android optional: Call Simulator - Required for testing with Call Simulator LocalContactsSync - Required to sync contacts to work-profile Proceed with the any other setting in this policy according to your best practice for App Protection Policies and assign the test group to this policy.

After you created the App Protection Policies and configured them in Endpoint Manager, in the next step, you need to enforce this policy with Conditional Access.

If you have any questions regards the implementation of App Protection Policies, do not hesitate to contact us for support.

Last updated 11 months ago

Was this helpful?