Step 3 - Add Conditional Access Policy
The next step in this quick guide is to create a Conditional Access Policy in Microsoft Intune. It is possible to add SCA to your existing Conditional Access Policies for Office 365.
The following steps are required to implement Conditional Access for our App:
3.1 - Include your SCA-Testgroup to Users and Groups
3.2 - Include the apps Office 365 and Provectus - Secure Contacts as Cloud Apps
3.3 - Set Require app protection policy as Grant in the Access controls pane
3.4 - Turn your Conditional Access Policy ON
Office 365 as Cloud App will affect other Apps on your Mobile device, like Outlook, OneDrive & Teams etc.
According to Microsoft, it is mandatory to target Office 365 and Secure Contacts as Cloud App in your Conditional Access Policy in order to correctly implement SCA. It is required to add Office 365 as Cloud App, because our Enterprise Application (Provectus - Secure Contacts) is using its data source.
Be aware: You cannot exclude these Cloud Apps or separate them in different Conditional Access policies!
Once Conditional Access enforces App Protection Policies, the next step is to create an App Configuration Policy in Endpoint Manager in order to add a license for SCA.