Android app protection policy settings

Question 1

What are the three categories of policy settings?

Answer 1

Data protection settings, access requirements, conditional launch

These categories help manage and secure applications and data within an organization.

Question 2

What is required on the device to receive App Protection Policies for Android devices?

Answer 2

Intune Company Portal

This requirement ensures that the policies are enforced effectively on Android devices.

Question 3

apps can receive data from this app

How to use Send org data to other apps setting in data protection step?

Answer 3

Specify what apps can receive data from this app:
* Policy managed apps: Allow transfer only to other policy-managed apps.
* All Apps: Allow transfer to any app.
* None: Don’t allow data transfer to any app, including other policy-managed apps.

Question 4

prupose of Block/allow

How to use Save copies of org data setting in data protection step?

Answer 4

• Block to disable the use of the Save As option in this app.
• Allow if you want to allow the use of Save As.

When set to Block, you can configure the setting Allow user to save copies to selected services.

Question 5

apps can receive data from this app

How to use Receive data to other apps setting in data protection step?

Answer 5

Specify what apps can transfer data to this app:
* Policy managed apps: Allow transfer only from other policy-managed apps.
* All Apps: Allow data transfer from any app.
* None: Don’t allow data transfer from any app, including other policy-managed apps.

Question 6

4 options

How to use Restrict cut, copy and paste between other apps setting in data protection step?

Answer 6

Choose from:
* Blocked: Don’t allow cut, copy, and paste actions between this app and any other app.
* Policy managed apps: Allow cut, copy, and paste actions between this app and other policy-managed apps.
* Policy managed with paste in: Allow cut or copy between this app and other policy-managed apps. Allow data from any app to be pasted into this app.
* Any app: No restrictions for cut, copy, and paste to and from this app.

Question 7

What are the 2 options you can set for encryption ?

Answer 7

• Encrypt org data (Require to enable)
• Encrypt org data on enrolled devices : Select Require (or not required for reverse) to enforce encrypting org data with Intune app layer encryption on all devices

Question 8

result for block/allow

How to use Sync policy managed app data with native apps or add-ins setting ?

Answer 8

• Block to prevent policy managed apps from saving data to the device’s native apps (Contacts, Calendar and widgets) and to prevent the use of add-ins within the policy managed apps.
• Allow: the policy managed app can save data to the native apps or use add-ins, if those features are supported and enabled within the policy managed app.

Question 9

Give 4 examples of Access requirements settings you can set

Answer 9

• PIN: for access, type, length
• PIN reset after number of days
• Biometrics instead of PIN for access
• Work or school account credentials for access

Question 10

List 3 app conditions you can set in conditional launch

Answer 10

• Max PIN attempts
• Min app version
• Disabled account

Question 11

What does the Max PIN attempts setting specify?

Answer 11

The number of tries the user has to successfully enter their PIN before the configured action is taken.

Actions include: Reset PIN or wipe data (The user account that is associated with the application is wiped from the device)

Question 12

What actions can be configured for Max PIN attempts?

Answer 12

• Reset PIN
• Wipe data

The user account that is associated with the application is wiped from the device.

Question 13

What is the value to set for the Disabled account setting?

Answer 13

There’s no value to set for this setting.

Actions include: Block access or Wipe data.

Question 14

What actions can be taken when an account is disabled?

Answer 14

• Block access
• Wipe data

Question 15

List 6 device conditions you can set in conditional launch

Answer 15

• Jailbroken/rooted devices
• Min/Max OS version
• Device manufacturer(s)
• Require threat scan on apps
• Require device lock
• Max allowed device threat level

Question 16

What actions can you you specify for jailbroken/rooted devices?

Answer 16

Whether to block access to the device or wipe the device data

This is crucial for maintaining security in case of compromised devices.

Question 17

What are the actions that can be taken for jailbroken/rooted devices?

Answer 17

• Block access
• Wipe data

These actions help in managing the risks associated with jailbroken or rooted devices.

Question 18

What does the Data Protection setting prevent regarding printing?

Answer 18

It can prevent printing of organizational data

Default setting is allowed.

Question 19

What does the Access requirement setting focus on?

Answer 19

Device access such as pin, biometrics, and credentials

This is related to how users authenticate to access devices.

Question 20

What is the focus of the Conditional launch setting?

Answer 20

Device and OS settings
This determines conditions under which a device can launch an application.

Question 21

What does the Conditional Access policy pertain to?

Answer 21

Access controls to the data

This includes rules that govern how users access organizational resources.