App protection policies

Question 1

What do Intune app protection policies (APP) ensure?

Answer 1

They ensure an organization’s data remains safe or contained in a managed app.

APP rules control how data is accessed and shared by apps on mobile devices.

Question 2

What can an Intune app protection policy enforce?

Answer 2

A rule enforced when the user attempts to access or move ‘corporate’ data.

It can also include a set of actions that are prohibited or monitored inside the app.

Question 3

What are some benefits of using Intune app protection policies?

Answer 3

• Protecting corporate data on mobile devices without requiring device enrollment
• Controlling how data is accessed and shared by apps on mobile devices

Question 4

Can Intune app protection policies be used independently of MDM solutions?

Answer 4

Yes, they can be used independent of any mobile-device management (MDM) solution.

Question 5

What types of devices can have app protection policies configured?

Answer 5

• Devices enrolled in Microsoft Intune
• Devices enrolled in a third-party MDM solution
• Devices not enrolled in any MDM solution

Question 6

What is required for an app to be managed using Intune app protection policies?

Answer 6

The app must be integrated with the Intune SDK or wrapped by the Intune App Wrapping Tool.

Question 7

What are the end-user requirements to use app protection policies on an Intune-managed app?

Answer 7

• The end user must have a Microsoft Entra account
• The end user must have a license for Microsoft Intune assigned to their Microsoft Entra account
• The end user must belong to a security group targeted by an app protection policy
• The end user must sign into the app using their Microsoft Entra account

Question 8

What are the 9 high level steps to create App protection policies for iOS/iPadOS and Android apps?

Answer 8

1. Apps > Protection. This selection opens the Protection details, where you create new policies and edit existing policies.
2. Select Create policy and select either iOS/iPadOS or Android
3. Basics : Name + Descr
4. Apps page You must add at least one app.
5. Data protection :
6. Access requirements
7. Conditional launch
8. Assignments: to groups of users
9. Review+create

Question 9

What is required on the Apps page of the app protection policy?

Answer 9

You must add at least one app

The Apps page allows you to choose which apps should be targeted by this policy.

Question 10

What controls can be configured on the Data protection page?

Answer 10

Data loss prevention (DLP) controls, including cut, copy, paste, and save-as restrictions

These settings determine how users interact with data in the apps that this app protection policy applies.

Question 11

What settings does the Access requirements page provide?

Answer 11

Settings to configure the PIN and credential requirements that users must meet to access apps

This is specifically for accessing apps in a work context.

Question 12

What does the Conditional launch page allow you to configure?

Answer 12

Sign-in security requirements for your app protection policy

You can select a Setting, enter the Value that users must meet, and select the Action for non-compliance.

Question 13

What is the purpose of the Assignments page?

Answer 13

To assign the app protection policy to groups of users

The policy must be applied to a group of users to take effect.

Question 14

Fill in the blank: The Data protection page includes _______ controls.

Answer 14

[DLP]

DLP stands for Data Loss Prevention, which includes various data interaction restrictions.

Question 15

True or False: Multiple actions can be configured for a single setting on the Conditional launch page.

Answer 15

True

This allows flexibility in handling sign-in security requirements.

Question 16

What must be done for the app protection policy to take effect?

Answer 16

Apply the policy to a group of users

This is done through the Assignments page.

Question 17

What is the relationship between Intune app protection policies and data loss prevention (DLP) controls?

Answer 17

Policies can have strict DLP controls for unmanaged devices and more relaxed controls for MDM managed devices

Question 18

How can you create or edit an Intune app protection policy?

Answer 18

Browse to Apps > Protection in the Intune admin center, then select Create policy or edit an existing policy

Question 19

What is the first step to use filters when assigning Intune app protection policies?

Answer 19

Navigate to the Assignments page and select Edit filter

Question 20

What is the data protection policy for unmanaged devices?

Answer 20

Strict data loss prevention (DLP) controls are in place

This policy ensures high security for devices that are not managed by a Mobile Device Management (MDM) system.

Question 21

How does the data protection policy for MDM managed devices differ from that for unmanaged devices?

Answer 21

The DLP controls may be a little more relaxed

MDM managed devices typically have more oversight and management, allowing for less stringent DLP measures.

Question 22

Fill in the blank: You can have one data protection policy for unmanaged devices in which _______ controls are in place.

Answer 22

strict data loss prevention (DLP)

Question 23

True or False: Both unmanaged and MDM managed devices have strict DLP controls.

Answer 23

False

Unmanaged devices have strict DLP controls, while MDM managed devices have more relaxed controls.