Mobile Device Application Protection Policy Modification Procedure

This admin procedure will provide background information on modifying an existing application protection policy.

This article is intended for employees of organizations that use Sittadel's security. Additionally, there are some actions that can only be accomplished by those with administrative privileges.

App Protection Policy

App protection policies (APP) are rules that ensure an organization's data remains safe or contained in a managed app.

A policy can be a rule that is enforced when the user attempts to access or move "corporate" data, or a set of actions that are prohibited or monitored when the user is inside the app.

A managed app is an app that has app protection policies applied to it and can be managed by Intune.

Mobile Application Management (MAM) app protection policies allows you to manage and protect your organization's data within an application.

Many productivity apps, such as the Microsoft Office apps, can be managed by Intune MAM.


Procedure Scope: Administrators

Required Group Membership: Admin.DeviceSecurity


Modifying a Mobile Device Application Protection Policy

  1. Navigate to App Protection - Intune, select the policy you wish to alter.
  2. Upon opening the policy, select Properties; all the information of the MAM policy will be displayed, from naming all the way to group assignment. 7 points of interest will be available to You can modify the sections as needed.
    1. Basics: Adjusts non-functional items of the policy, such as Name or Description.
    2. Apps: Specifies the scope of applications that are being monitored, such as All Apps or All Microsoft Apps.
    3. Data Protection: Specifies how data will be handled within the applications if users will be allowed to backup application data or have access to copy & paste functionality.
    4. Access Requirements: Specifies authentication requirements that must be met when accessing an application if users are required to enter a pin before accessing the app or setting a session timeout for inactivity.
    5. Conditional Launch: Specifies device compliance requirements that must be maintained, or application access will be denied.
    6. Assignments: Specifies which groups will have the MAM policy enforced on their mobile devices.
    7. Scope Tags: Specifies which administrators will be able to view and modify this object.
  3. The Sections will all have the same prompt for adjustments, either add, remove, or delete the setting and select Review + Save to finalize the changes.
  4. Once on the revisions page, if all the necessary adjustments look correct, select Save to finalize the modification process.

You're Finished!

You should have successfully modified an existing application protection policy's data enforcement, access requirements, or conditional access settings catalog. For any other problems or questions, reach out to us!