defaultManagedAppProtection resource type
Namespace: microsoft.graph
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Policy used to configure detailed management settings for a specified set of apps for all users not targeted by a TargetedManagedAppProtection Policy
Inherits from managedAppProtection
Methods
| Method | Return Type | Description |
|---|---|---|
| List defaultManagedAppProtections | defaultManagedAppProtection collection | List properties and relationships of the defaultManagedAppProtection objects. |
| Get defaultManagedAppProtection | defaultManagedAppProtection | Read properties and relationships of the defaultManagedAppProtection object. |
| Create defaultManagedAppProtection | defaultManagedAppProtection | Create a new defaultManagedAppProtection object. |
| Delete defaultManagedAppProtection | None | Deletes a defaultManagedAppProtection. |
| Update defaultManagedAppProtection | defaultManagedAppProtection | Update the properties of a defaultManagedAppProtection object. |
Properties
| Property | Type | Description |
|---|---|---|
| displayName | String | Policy display name. Inherited from managedAppPolicy |
| description | String | The policy's description. Inherited from managedAppPolicy |
| createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
| lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
| id | String | Key of the entity. Inherited from managedAppPolicy |
| version | String | Version of the entity. Inherited from managedAppPolicy |
| periodOfflineBeforeAccessCheck | Duration | The period after which access is checked when the device is not connected to the internet. Inherited from managedAppProtection |
| periodOnlineBeforeAccessCheck | Duration | The period after which access is checked when the device is connected to the internet. Inherited from managedAppProtection |
| allowedInboundDataTransferSources | managedAppDataTransferLevel | Sources from which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps, managedApps, none. |
| allowedOutboundDataTransferDestinations | managedAppDataTransferLevel | Destinations to which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps, managedApps, none. |
| organizationalCredentialsRequired | Boolean | Indicates whether organizational credentials are required for app use. Inherited from managedAppProtection |
| allowedOutboundClipboardSharingLevel | managedAppClipboardSharingLevel | The level to which the clipboard may be shared between apps on the managed device. Inherited from managedAppProtection. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked. |
| dataBackupBlocked | Boolean | Indicates whether the backup of a managed app's data is blocked. Inherited from managedAppProtection |
| deviceComplianceRequired | Boolean | Indicates whether device compliance is required. Inherited from managedAppProtection |
| managedBrowserToOpenLinksRequired | Boolean | Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android) Inherited from managedAppProtection |
| saveAsBlocked | Boolean | Indicates whether users may use the "Save As" menu item to save a copy of protected files. Inherited from managedAppProtection |
| periodOfflineBeforeWipeIsEnforced | Duration | The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. Inherited from managedAppProtection |
| pinRequired | Boolean | Indicates whether an app-level pin is required. Inherited from managedAppProtection |
| maximumPinRetries | Int32 | Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped. Inherited from managedAppProtection |
| simplePinBlocked | Boolean | Indicates whether simplePin is blocked. Inherited from managedAppProtection |
| minimumPinLength | Int32 | Minimum pin length required for an app-level pin if PinRequired is set to True Inherited from managedAppProtection |
| pinCharacterSet | managedAppPinCharacterSet | Character set which may be used for an app-level pin if PinRequired is set to True. Inherited from managedAppProtection. Possible values are: numeric, alphanumericAndSymbol. |
| periodBeforePinReset | Duration | TimePeriod before the all-level pin must be reset if PinRequired is set to True. Inherited from managedAppProtection |
| allowedDataStorageLocations | managedAppDataStorageLocation collection | Data storage locations where a user may store managed data. Inherited from managedAppProtection |
| contactSyncBlocked | Boolean | Indicates whether contacts can be synced to the user's device. Inherited from managedAppProtection |
| printBlocked | Boolean | Indicates whether printing is allowed from managed apps. Inherited from managedAppProtection |
| fingerprintBlocked | Boolean | Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True. Inherited from managedAppProtection |
| disableAppPinIfDevicePinIsSet | Boolean | Indicates whether use of the app pin is required if the device pin is set. Inherited from managedAppProtection |
| minimumRequiredOsVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
| minimumWarningOsVersion | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. Inherited from managedAppProtection |
| minimumRequiredAppVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
| minimumWarningAppVersion | String | Versions less than the specified version will result in warning message on the managed app. Inherited from managedAppProtection |
| managedBrowser | managedBrowserType | Indicates in which managed browser(s) that internet links should be opened. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. Inherited from managedAppProtection. Possible values are: notConfigured, microsoftEdge. |
| appDataEncryptionType | managedAppDataEncryptionType | Type of encryption which should be used for data in a managed app. (iOS Only). Possible values are: useDeviceSettings, afterDeviceRestart, whenDeviceLockedExceptOpenFiles, whenDeviceLocked. |
| screenCaptureBlocked | Boolean | Indicates whether screen capture is blocked. (Android only) |
| encryptAppData | Boolean | Indicates whether managed-app data should be encrypted. (Android only) |
| disableAppEncryptionIfDeviceEncryptionIsEnabled | Boolean | When this setting is enabled, app level encryption is disabled if device level encryption is enabled. (Android only) |
| minimumRequiredSdkVersion | String | Versions less than the specified version will block the managed app from accessing company data. (iOS Only) |
| customSettings | keyValuePair collection | A set of string key and string value pairs to be sent to the affected users, unalterned by this service |
| deployedAppCount | Int32 | Count of apps to which the current policy is deployed. |
| minimumRequiredPatchVersion | String | Define the oldest required Android security patch level a user can have to gain secure access to the app. (Android only) |
| minimumWarningPatchVersion | String | Define the oldest recommended Android security patch level a user can have for secure access to the app. (Android only) |
| faceIdBlocked | Boolean | Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True. (iOS Only) |
Relationships
| Relationship | Type | Description |
|---|---|---|
| apps | managedMobileApp collection | List of apps to which the policy is deployed. |
| deploymentSummary | managedAppPolicyDeploymentSummary | Navigation property to deployment summary of the configuration. |
JSON Representation
Here is a JSON representation of the resource.
{
"@odata.type": "#microsoft.graph.defaultManagedAppProtection",
"displayName": "String",
"description": "String",
"createdDateTime": "String (timestamp)",
"lastModifiedDateTime": "String (timestamp)",
"id": "String (identifier)",
"version": "String",
"periodOfflineBeforeAccessCheck": "String (duration)",
"periodOnlineBeforeAccessCheck": "String (duration)",
"allowedInboundDataTransferSources": "String",
"allowedOutboundDataTransferDestinations": "String",
"organizationalCredentialsRequired": true,
"allowedOutboundClipboardSharingLevel": "String",
"dataBackupBlocked": true,
"deviceComplianceRequired": true,
"managedBrowserToOpenLinksRequired": true,
"saveAsBlocked": true,
"periodOfflineBeforeWipeIsEnforced": "String (duration)",
"pinRequired": true,
"maximumPinRetries": 1024,
"simplePinBlocked": true,
"minimumPinLength": 1024,
"pinCharacterSet": "String",
"periodBeforePinReset": "String (duration)",
"allowedDataStorageLocations": [
"String"
],
"contactSyncBlocked": true,
"printBlocked": true,
"fingerprintBlocked": true,
"disableAppPinIfDevicePinIsSet": true,
"minimumRequiredOsVersion": "String",
"minimumWarningOsVersion": "String",
"minimumRequiredAppVersion": "String",
"minimumWarningAppVersion": "String",
"managedBrowser": "String",
"appDataEncryptionType": "String",
"screenCaptureBlocked": true,
"encryptAppData": true,
"disableAppEncryptionIfDeviceEncryptionIsEnabled": true,
"minimumRequiredSdkVersion": "String",
"customSettings": [
{
"@odata.type": "microsoft.graph.keyValuePair",
"name": "String",
"value": "String"
}
],
"deployedAppCount": 1024,
"minimumRequiredPatchVersion": "String",
"minimumWarningPatchVersion": "String",
"faceIdBlocked": true
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for