Backup org data to Android backup services |
Select Block to prevent this app from backing up work or school data to the Android Backup Service.
Select Allow to allow this app to back up work or school data. |
Allow |
Send org data to other apps |
Specify what apps can receive data from this app: - Policy managed apps: Allow transfer only to other policy-managed apps.
- All Apps: Allow transfer to any app.
- None: Don't allow data transfer to any app, including other policy-managed apps.
There are some exempt apps and services to which Intune may allow data transfer by default. In addition, you can create your own exemptions if you need to allow data to transfer to an app that doesn't support Intune APP. For more information, see Data transfer exemptions. This policy may also apply to Android App Links. General web links are managed by the Open app links in Intune Managed Browser policy setting. Note Intune doesn't currently support the Android Instant Apps feature. Intune will block any data connection to or from the app. For more information, see Android Instant Apps in the Android Developer documentation. If Send org data to other apps is configured to All Apps, text data may still be transferred via OS sharing to the clipboard. |
All Apps |
|
This option is available when you select Policy managed apps for the previous option. |
|
|
Choose Block to disable the use of the Save As option in this app. Choose Allow if you want to allow the use of Save As. When set to Block, you can configure the setting Allow user to save copies to selected services.
Note:- This setting is supported for Microsoft Excel, OneNote, PowerPoint, Word, and Edge. It may also be supported by third-party and LOB apps.
- This setting is only configurable when the setting Send org data to other apps is set to Policy managed apps.
- This setting will be "Allow" when the setting Send org data to other apps is set to All Apps.
- This setting will be "Block" with no allowed service locations when the setting Send org data to other apps is set to None.
- This setting will save files as encrypted if Encrypt org data is set to Require.
|
Allow |
Allow user to save copies to selected services
|
Users can save to the selected services (OneDrive for Business, SharePoint, Photo Library, Box, and Local Storage). All other services will be blocked. |
0 selected |
Transfer telecommunications data to |
Typically, when a user selects a hyperlinked phone number in an app, a dialer app will open with the phone number prepopulated and ready to call. For this setting, choose how to handle this type of content transfer when it's initiated from a policy-managed app:- None, do not transfer this data between apps: Don't transfer communication data when a phone number is detected.
- A specific dialer app: Allow a specific dialer app to initiate contact when a phone number is detected.
- Any policy-managed dialer app: Allow any policy managed dialer app to initiate contact when a phone number is detected.
- Any dialer app: Allow any dialer app to be used to initiate contact when a phone number is detected.
|
Any dialer app |
|
When a specific dialer app has been selected, you must provide the app package ID. |
Blank |
|
When a specific dialer app has been selected, you must provide the name of the dialer app. |
Blank |
Transfer messaging data to |
Typically, when a user selects a hyperlinked phone number in an app, a dialer app will open with the phone number prepopulated and ready to call. For this setting, choose how to handle this type of content transfer when it's initiated from a policy-managed app. For this setting, choose how to handle this type of content transfer when it's initiated from a policy-managed app:- None, do not transfer this data between apps: Don't transfer communication data when a phone number is detected.
- A specific messaging app: Allow a specific messaging app to be used to initiate contact when a phone number is detected.
- Any policy-managed messaging app: Allow any policy-managed messaging app to be used to initiate contact when a phone number is detected.
- Any messaging app: Allow any messaging app to be used to initiate contact when a phone number is detected.
|
Any messaging app |
|
When a specific messaging app has been selected, you must provide the app package ID. |
Blank |
|
When a specific messaging app has been selected, you must provide the name of the messaging app. |
Blank |
Receive data from other apps |
Specify what apps can transfer data to this app: - Policy managed apps: Allow transfer only from other policy-managed apps.
- All Apps: Allow data transfer from any app.
- None: Don't allow data transfer from any app, including other policy-managed apps.
There are some exempt apps and services from which Intune may allow data transfer. See Data transfer exemptions for a full list of apps and services. |
All Apps |
Open data into Org documents |
Select Block to disable the use of the Open option or other options to share data between accounts in this app. Select Allow if you want to allow the use of Open.
When set to Block you can configure the Allow user to open data from selected services to specific which services are allowed for Org data locations.
Note:- This setting is only configurable when the setting Receive data from other apps is set to Policy managed apps.
- This setting will be "Allow" when the setting Receive data from other apps is set to All Apps.
- This setting will be "Block" with no allowed service locations when the setting Receive data from other apps is set to None.
- The following apps support this setting:
- OneDrive 6.14.1 or later.
- Outlook for Android 4.2039.2 or later.
- Teams for Android 1416/1.0.0.2021173701 or later.
|
Allow |
Allow users to open data from selected services
|
Select the application storage services that users can open data from. All other services are blocked. Selecting no services will prevent users from opening data.
Supported services:- OneDrive for Business
- SharePoint Online
- Camera
- Photo Library
Note: Camera doesn't include Photos or Photo Gallery access. When selecting Photo Library (includes Android's Photo picker tool) in the Allow users to open data from selected services setting within Intune, you can allow managed accounts to allow incoming image/video from their device's local storage to their managed apps. |
All selected |
Restrict cut, copy and paste between other apps |
Specify when cut, copy, and paste actions can be used with this app. Choose from: - Blocked: Don't allow cut, copy, and paste actions between this app and any other app.
- Policy managed apps: Allow cut, copy, and paste actions between this app and other policy-managed apps.
- Policy managed with paste in: Allow cut or copy between this app and other policy-managed apps. Allow data from any app to be pasted into this app.
- Any app: No restrictions for cut, copy, and paste to and from this app.
|
Any app |
Cut and copy character limit for any app |
Specify the number of characters that may be cut or copied from org data and accounts. This will allow sharing of the specified number of characters when it would be otherwise blocked by the "Restrict cut, copy, and paste with other apps" setting. Default Value = 0 Note: Requires Intune Company Portal version 5.0.4364.0 or later. |
0 |
Screen capture and Google Assistant |
Select Block to block screen capture, block Circle to Search, and block Google Assistant accessing org data on the device when using this app. Choosing Block will also blur the App-switcher preview image when using this app with a work or school account. Note: Google Assistant may be accessible to users for scenarios that don't access org data. |
Block |
Approved keyboards |
Select Require and then specify a list of approved keyboards for this policy. Users who aren't using an approved keyboard receive a prompt to download and install an approved keyboard before they can use the protected app. This setting requires the app to have the Intune SDK for Android version 6.2.0 or later. |
Not required |
Select keyboards to approve |
This option is available when you select Require for the previous option. Choose Select to manage the list of keyboards and input methods that can be used with apps protected by this policy. You can add additional keyboards to the list, and remove any of the default options. You must have at least one approved keyboard to save the setting. Over time, Microsoft may add additional keyboards to the list for new App Protection Policies, which will require administrators to review and update existing policies as needed. To add a keyboard, specify: - Name: A friendly name that that identifies the keyboard, and is visible to the user.
- Package ID: The Package ID of the app in the Google Play store. For example, if the URL for the app in the Play store is
https://play.google.com/store/details?id=com.contoskeyboard.android.prod , then the Package ID is com.contosokeyboard.android.prod . This package ID is presented to the user as a simple link to download the keyboard from Google Play. Note: A user assigned multiple App Protection Policies will be allowed to use only the approved keyboards common to all policies. |
|