Intune - App Protection Policies

karthik palani 1,036 Reputation points
2022-02-23T05:57:01.407+00:00

Hi All,

I need some information on the points below:

  • On iOS, Mac & Android - I am testing app protection policies in which my requirement is to block access to M365 applications via any browser, including IE edge. I used a conditional access policy to grant only approved apps, which means IE edge is also part of it. I am able to block access on third-party browsers but not on IE edge. Please advise on how to block IE edge access to Office applications as well.
  • On Windows Platform - I applied Windows Information Protection in blocked mode. It is creating a problem while opening Adobe Reader, which stated ACCESS DENIED. Also, if I open portal.office.com from IE edge, I can copy or transfer all content to other unmanaged apps (it is only restricting locally installed M365 apps, not the browser). I also added Adobe Reader as a desktop app under protected apps, and IE edge as well.

Please suggest your expertise


3 answers

  1. Crystal-MSFT 47,701 Reputation points Microsoft Vendor
    2022-02-24T01:37:39.663+00:00

    @karthik palani, for your questions, here are some suggestions from my side:

    1. For conditional access, set another conditional access policy. Under Conditions, choose Platform: Android, iOS, macOS. Client apps: Browser. Access controls: Block.
    2. For WIP, I notice Adobe Reader shows access denied. Please check if the app is added as below:
      [image: 177240-image.png]
      And see if the app is running in WIP by checking the Enterprise context:
      https://learn.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context

    For the data in portal.office.com, if we consider it to be enterprise data that needs to be protected, we can add it to the cloud resources in the network boundary.
    https://learn.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip#recommended-enterprise-cloud-resources

    Hope it can help.
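
The first suggestion in the answer above, written as a Microsoft Graph conditional access policy (an added example, not part of the original thread or Microsoft's own sample). The target application `Office365`, the report-only state, the display name and the placeholder object IDs are assumptions to replace with your own values.

```powershell
# Added example: block browser sign-ins to Office 365 on Android, iOS and macOS.
# Requires the Microsoft.Graph PowerShell module and a role allowed to manage conditional access.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$policy = @{
    # Assumed display name
    displayName = 'Block browser access to Office 365 on Android, iOS, macOS'

    # Assumption: start in report-only mode so the effect shows up in sign-in logs
    # before anything is blocked; change to 'enabled' once verified.
    state = 'enabledForReportingButNotEnforced'

    conditions = @{
        users = @{
            # Placeholders: scope to a pilot group and exclude an emergency-access account
            includeGroups = @('<pilot-group-object-id>')
            excludeUsers  = @('<break-glass-account-object-id>')
        }
        # Assumption: the Office 365 app group is the resource to protect
        applications = @{ includeApplications = @('Office365') }

        # From the answer: Platform = Android, iOS, macOS
        platforms = @{ includePlatforms = @('android', 'iOS', 'macOS') }

        # From the answer: Client apps = Browser
        clientAppTypes = @('browser')
    }

    # From the answer: Access controls = Block
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Because this policy matches the browser client app type regardless of which browser is used, it sits alongside the existing "approved apps" grant policy rather than replacing it. Check the report-only results in the Microsoft Entra sign-in logs before switching `state` to `enabled`.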



  2. karthik palani 1,036 Reputation points
    2022-02-24T05:48:30.057+00:00

    Thanks Crystal-MSFT

    One more query: I applied an app protection policy on iOS/iPad/Android. I was able to restrict all transfers except copying.

    How do I restrict copying from corporate OneDrive to local file storage and vice versa?


  3. karthik palani 1,036 Reputation points
    2022-02-24T13:32:01.17+00:00

    Sure, I will test. As I understand, there are no app protection policies for Mac devices. Any insight on how to protect data on them, please?

