Mobile Device Application Protection Policy Creation Procedure

This admin procedure will provide background information on creating an application protection policy that will influence the specified application on a mobile device platform; offers data protection and access requirements capabilities.

This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.

App Protection Policy

App protection policies (APP) are rules that ensure an organization's data remains safe or contained in a managed app.

A policy can be a rule that is enforced when the user attempts to access or move "corporate" data, or a set of actions that are prohibited or monitored when the user is inside the app.

A managed app is an app that has app protection policies applied to it and can be managed by Intune.

Mobile Application Management (MAM) app protection policies allows you to manage and protect your organization's data within an application.

Many productivity apps, such as the Microsoft Office apps, can be managed by Intune MAM.


Procedure Scope: Administrators

Required Group Membership: Admin.DeviceSecurity


Creating a Mobile Device Application Protection Policy

  1. Navigate to App Protection - Intune, select Create Policy specify the platform you wish to create the policy for.
  2. You will supply basic policy information such as name and description. Click Select to proceed.
  3. Supply the type of applications you want to protect for the devices enrolled in Intune. Select Next to continue.
  4. Next you will be able to configure settings related to data loss protection such as restrictions related to copy, paste, sharing, etc. Select Next to proceed.
  5. You will be able to set authentication requirements such as pin to access a device, password complexity and length, etc. Select Next to continue.
  6. Next you can set conditional access constraints for both application use and device access. Select Next to proceed.
  7. You will be able to configure group assignment or exclusion for the policy to effect. Select Next to proceed to revisions.
  8. The review page will allow you to see all configured settings for the protection policy creation process, if you detect a discrepancy at this stage make note of the section and select Previous to go back to make alterations before finalization. If everything checks out, select Create to publish the application.
  9. Upon successful creation the application will show up in the list of all MAM policies deployed through Intune.

You're Finished!

You should have successfully created a new application protection policy that should enforce data protection, access requirements, and conditional access for the specified application on the selected Mobile OS device type. For any other problems or questions, reach out to us!