Configure default application settings and user experience

Completed

App configuration policies in Microsoft Intune allow you to automatically apply settings to apps before users run them. Instead of asking users to manually configure each app, you push predefined settings through Intune. This approach eliminates setup problems, reduces user confusion, and ensures consistent settings across your organization.

Two channels for app configuration

Intune supports two main app configuration channels: Managed devices and Managed apps. The right choice depends on whether the organization manages the entire device or only the app and its data.

Managed devices app configuration policies are used for apps on enrolled devices. This model uses the MDM OS channel and works with apps that support configuration through the operating system. Intune supports common managed-device scenarios such as limiting apps to work or school accounts, configuring account setup, applying general app settings, and deploying S/MIME settings. Managed devices app configuration policies are available for iOS/iPadOS and Android enrolled devices.

Managed apps app configuration policies are used through the MAM channel and do not require the device to be enrolled. This model is designed for apps that use the Intune App SDK or the Intune App Wrapping Tool. Intune supports managed-app configuration for general app settings, S/MIME settings, and advanced data protection settings that extend app protection policies. Managed apps app configuration policies support iOS/iPadOS, Android, and Windows. Unlike managed-device app configuration, they don’t require device enrollment. On Windows, Managed apps app configuration policies support Microsoft Edge for Windows. No other public or custom Windows apps are supported for this policy type at this time.

Because Windows MAM and managed-app support can evolve, administrators should always check the current Microsoft Intune protected apps documentation and the managed-app configuration documentation before planning Windows app configuration. The protected apps list shows which apps support advanced app protection and app configuration capabilities, while the managed-app configuration documentation confirms which apps can actually be targeted by this policy type on Windows.

The settings you can configure depend on what the app supports. Common types of settings include:

• Security settings: Require strong passwords, enforce encryption, or set authentication requirements
• Branding settings: Apply company logos, themes, or custom colors
• Language and regional settings: Configure default language, date formats, or regional preferences
• Connectivity settings: Set custom port numbers, VPN requirements, or proxy settings
• Feature settings: Enable or disable specific app features based on user roles

App vendors document which settings their apps support. You should review app documentation to understand available configuration options.

Create an app configuration policy

1. Sign in to the Microsoft Intune admin center.

2. Go to Apps > Configuration > + Create > Managed devices.

3. In the Basics pane, enter a Name, and optionally add a Description. Then select Android Enterprise as Platform and then select All Profile Types next to Profile Type and select Next.

4. In the Settings pane, configure the following settings:

   • Configure email account settings: Yes
   • Authentication type: Modern authentication
   • Username attribute from Microsoft Entra ID: Primary SMTP Address
   • Allow only work or school accounts: Enabled

5. Finish the configuration and create the policy.

After you create an application configuration policy, you must deploy it to the correct users or devices. For managed device app configuration policies, you can assign the policy to user groups, device groups, or broad targets such as all users and all devices, and then refine the deployment with assignment filters. For managed app configuration policies, deployment is typically user-based.

Best practices for app configuration

Apply these practices when configuring apps in Intune:

• Start with vendor documentation: Always review what the app supports before configuring settings.
• Test in a pilot group: Deploy configuration to a small group first to verify settings work as intended.
• Use groups to organize: Create app configuration groups by job role, department, or app function.
• Monitor configuration status: Use Intune reports to verify policies applied successfully.
• Document your settings: Keep notes on why you chose specific configurations for troubleshooting later.
• Review regularly: Audit app configurations quarterly to ensure they still match your security and business needs.
• Avoid redundant settings: Don't set the same configuration multiple ways, as this can create conflicts.