Step 2 - Add App Protection Policy
SCA supports the core Intune App Protection Policy settings and is capable of supporting advanced App Protection Policy and App Configuration Policy settings.
2.1 - Create an App Protection Policy in Microsoft Intune.
2.2 - Add Secure Contacts to App Protection Policies for managed Devices
2.3 - Configure the setting for Send org data to other apps at least with the restrictive option e.g. Policy managed apps in the Data protection-pane for App Protection Policies.
2.4 - Add for the setting “Select apps to exempt” the following Name/Value
This option is needed for SCA to open phone-settings on your iOS/iPadOS device.
Proceed with the any other setting in this policy according to your best practice for App Protection Policies and assign the test group to this policy.
After you created the App Protection Policies and configured them in Endpoint Manager, in the next step, you need to enforce this policy with Conditional Access.