New-MgBetaDeviceAppManagementAndroidManagedAppProtection

Create new navigation property to androidManagedAppProtections for deviceAppManagement

Note

To view the v1.0 release of this cmdlet, view New-MgDeviceAppManagementAndroidManagedAppProtection

Syntax

New-MgBetaDeviceAppManagementAndroidManagedAppProtection
   [-ResponseHeadersVariable <String>]
   [-AdditionalProperties <Hashtable>]
   [-AllowedAndroidDeviceManufacturers <String>]
   [-AllowedAndroidDeviceModels <String[]>]
   [-AllowedDataIngestionLocations <ManagedAppDataIngestionLocation[]>]
   [-AllowedDataStorageLocations <ManagedAppDataStorageLocation[]>]
   [-AllowedInboundDataTransferSources <ManagedAppDataTransferLevel>]
   [-AllowedOutboundClipboardSharingExceptionLength <Int32>]
   [-AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel>]
   [-AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel>]
   [-AppActionIfAccountIsClockedOut <ManagedAppRemediationAction>]
   [-AppActionIfAndroidDeviceManufacturerNotAllowed <ManagedAppRemediationAction>]
   [-AppActionIfAndroidDeviceModelNotAllowed <ManagedAppRemediationAction>]
   [-AppActionIfAndroidSafetyNetAppsVerificationFailed <ManagedAppRemediationAction>]
   [-AppActionIfAndroidSafetyNetDeviceAttestationFailed <ManagedAppRemediationAction>]
   [-AppActionIfDeviceComplianceRequired <ManagedAppRemediationAction>]
   [-AppActionIfDeviceLockNotSet <ManagedAppRemediationAction>]
   [-AppActionIfDevicePasscodeComplexityLessThanHigh <ManagedAppRemediationAction>]
   [-AppActionIfDevicePasscodeComplexityLessThanLow <ManagedAppRemediationAction>]
   [-AppActionIfDevicePasscodeComplexityLessThanMedium <ManagedAppRemediationAction>]
   [-AppActionIfMaximumPinRetriesExceeded <ManagedAppRemediationAction>]
   [-AppActionIfSamsungKnoxAttestationRequired <ManagedAppRemediationAction>]
   [-AppActionIfUnableToAuthenticateUser <ManagedAppRemediationAction>]
   [-AppGroupType <TargetedManagedAppGroupType>]
   [-ApprovedKeyboards <IMicrosoftGraphKeyValuePair[]>]
   [-Apps <IMicrosoftGraphManagedMobileApp[]>]
   [-Assignments <IMicrosoftGraphTargetedManagedAppPolicyAssignment[]>]
   [-BiometricAuthenticationBlocked]
   [-BlockAfterCompanyPortalUpdateDeferralInDays <Int32>]
   [-BlockDataIngestionIntoOrganizationDocuments]
   [-ConnectToVpnOnLaunch]
   [-ContactSyncBlocked]
   [-CreatedDateTime <DateTime>]
   [-CustomBrowserDisplayName <String>]
   [-CustomBrowserPackageId <String>]
   [-CustomDialerAppDisplayName <String>]
   [-CustomDialerAppPackageId <String>]
   [-DataBackupBlocked]
   [-DeployedAppCount <Int32>]
   [-DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]
   [-Description <String>]
   [-DeviceComplianceRequired]
   [-DeviceLockRequired]
   [-DialerRestrictionLevel <ManagedAppPhoneNumberRedirectLevel>]
   [-DisableAppEncryptionIfDeviceEncryptionIsEnabled]
   [-DisableAppPinIfDevicePinIsSet]
   [-DisplayName <String>]
   [-EncryptAppData]
   [-ExemptedAppPackages <IMicrosoftGraphKeyValuePair[]>]
   [-FingerprintAndBiometricEnabled]
   [-FingerprintBlocked]
   [-GracePeriodToBlockAppsDuringOffClockHours <TimeSpan>]
   [-Id <String>]
   [-IsAssigned]
   [-KeyboardsRestricted]
   [-LastModifiedDateTime <DateTime>]
   [-ManagedBrowser <ManagedBrowserType>]
   [-ManagedBrowserToOpenLinksRequired]
   [-MaximumAllowedDeviceThreatLevel <ManagedAppDeviceThreatLevel>]
   [-MaximumPinRetries <Int32>]
   [-MaximumRequiredOSVersion <String>]
   [-MaximumWarningOSVersion <String>]
   [-MaximumWipeOSVersion <String>]
   [-MessagingRedirectAppDisplayName <String>]
   [-MessagingRedirectAppPackageId <String>]
   [-MinimumPinLength <Int32>]
   [-MinimumRequiredAppVersion <String>]
   [-MinimumRequiredCompanyPortalVersion <String>]
   [-MinimumRequiredOSVersion <String>]
   [-MinimumRequiredPatchVersion <String>]
   [-MinimumWarningAppVersion <String>]
   [-MinimumWarningCompanyPortalVersion <String>]
   [-MinimumWarningOSVersion <String>]
   [-MinimumWarningPatchVersion <String>]
   [-MinimumWipeAppVersion <String>]
   [-MinimumWipeCompanyPortalVersion <String>]
   [-MinimumWipeOSVersion <String>]
   [-MinimumWipePatchVersion <String>]
   [-MobileThreatDefensePartnerPriority <MobileThreatDefensePartnerPriority>]
   [-MobileThreatDefenseRemediationAction <ManagedAppRemediationAction>]
   [-NotificationRestriction <ManagedAppNotificationRestriction>]
   [-OrganizationalCredentialsRequired]
   [-PeriodBeforePinReset <TimeSpan>]
   [-PeriodOfflineBeforeAccessCheck <TimeSpan>]
   [-PeriodOfflineBeforeWipeIsEnforced <TimeSpan>]
   [-PeriodOnlineBeforeAccessCheck <TimeSpan>]
   [-PinCharacterSet <ManagedAppPinCharacterSet>]
   [-PinRequired]
   [-PinRequiredInsteadOfBiometricTimeout <TimeSpan>]
   [-PreviousPinBlockCount <Int32>]
   [-PrintBlocked]
   [-ProtectedMessagingRedirectAppType <MessagingRedirectAppType>]
   [-RequireClass3Biometrics]
   [-RequirePinAfterBiometricChange]
   [-RequiredAndroidSafetyNetAppsVerificationType <AndroidManagedAppSafetyNetAppsVerificationType>]
   [-RequiredAndroidSafetyNetDeviceAttestationType <AndroidManagedAppSafetyNetDeviceAttestationType>]
   [-RequiredAndroidSafetyNetEvaluationType <AndroidManagedAppSafetyNetEvaluationType>]
   [-RoleScopeTagIds <String[]>]
   [-SaveAsBlocked]
   [-ScreenCaptureBlocked]
   [-SimplePinBlocked]
   [-TargetedAppManagementLevels <AppManagementLevel>]
   [-Version <String>]
   [-WarnAfterCompanyPortalUpdateDeferralInDays <Int32>]
   [-WipeAfterCompanyPortalUpdateDeferralInDays <Int32>]
   [-Headers <IDictionary>]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-MgBetaDeviceAppManagementAndroidManagedAppProtection
   -BodyParameter <IMicrosoftGraphAndroidManagedAppProtection>
   [-ResponseHeadersVariable <String>]
   [-Headers <IDictionary>]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Create new navigation property to androidManagedAppProtections for deviceAppManagement

Parameters

-AdditionalProperties

Additional Parameters

Type:Hashtable
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedAndroidDeviceManufacturers

Semicolon seperated list of device manufacturers allowed, as a string, for the managed app to work.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedAndroidDeviceModels

List of device models allowed, as a string, for the managed app to work.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedDataIngestionLocations

Data storage locations where a user may store managed data.

Type:ManagedAppDataIngestionLocation[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedDataStorageLocations

Data storage locations where a user may store managed data.

Type:ManagedAppDataStorageLocation[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedInboundDataTransferSources

Data can be transferred from/to these classes of apps

Type:ManagedAppDataTransferLevel
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedOutboundClipboardSharingExceptionLength

Specify the number of characters that may be cut or copied from Org data and accounts to any application. This setting overrides the AllowedOutboundClipboardSharingLevel restriction. Default value of '0' means no exception is allowed.

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedOutboundClipboardSharingLevel

Represents the level to which the device's clipboard may be shared between apps

Type:ManagedAppClipboardSharingLevel
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedOutboundDataTransferDestinations

Data can be transferred from/to these classes of apps

Type:ManagedAppDataTransferLevel
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppActionIfAccountIsClockedOut

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppActionIfAndroidDeviceManufacturerNotAllowed

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppActionIfAndroidDeviceModelNotAllowed

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppActionIfAndroidSafetyNetAppsVerificationFailed

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppActionIfAndroidSafetyNetDeviceAttestationFailed

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppActionIfDeviceComplianceRequired

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppActionIfDeviceLockNotSet

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppActionIfDevicePasscodeComplexityLessThanHigh

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppActionIfDevicePasscodeComplexityLessThanLow

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppActionIfDevicePasscodeComplexityLessThanMedium

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppActionIfMaximumPinRetriesExceeded

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppActionIfSamsungKnoxAttestationRequired

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppActionIfUnableToAuthenticateUser

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppGroupType

Indicates a collection of apps to target which can be one of several pre-defined lists of apps or a manually selected list of apps

Type:TargetedManagedAppGroupType
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ApprovedKeyboards

If Keyboard Restriction is enabled, only keyboards in this approved list will be allowed. A key should be Android package id for a keyboard and value should be a friendly name To construct, see NOTES section for APPROVEDKEYBOARDS properties and create a hash table.

Type:IMicrosoftGraphKeyValuePair[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Apps

List of apps to which the policy is deployed. To construct, see NOTES section for APPS properties and create a hash table.

Type:IMicrosoftGraphManagedMobileApp[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Assignments

Navigation property to list of inclusion and exclusion groups to which the policy is deployed. To construct, see NOTES section for ASSIGNMENTS properties and create a hash table.

Type:IMicrosoftGraphTargetedManagedAppPolicyAssignment[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-BiometricAuthenticationBlocked

Indicates whether use of the biometric authentication is allowed in place of a pin if PinRequired is set to True.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-BlockAfterCompanyPortalUpdateDeferralInDays

Maximum number of days Company Portal update can be deferred on the device or app access will be blocked.

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-BlockDataIngestionIntoOrganizationDocuments

Indicates whether a user can bring data into org documents.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-BodyParameter

Policy used to configure detailed management settings targeted to specific security groups and for a specified set of apps on an Android device To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Type:IMicrosoftGraphAndroidManagedAppProtection
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ConnectToVpnOnLaunch

Whether the app should connect to the configured VPN on launch.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ContactSyncBlocked

Indicates whether contacts can be synced to the user's device.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CreatedDateTime

The date and time the policy was created.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CustomBrowserDisplayName

Friendly name of the preferred custom browser to open weblink on Android. When this property is configured, ManagedBrowserToOpenLinksRequired should be true.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CustomBrowserPackageId

Unique identifier of the preferred custom browser to open weblink on Android. When this property is configured, ManagedBrowserToOpenLinksRequired should be true.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CustomDialerAppDisplayName

Friendly name of a custom dialer app to click-to-open a phone number on Android.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CustomDialerAppPackageId

PackageId of a custom dialer app to click-to-open a phone number on Android.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DataBackupBlocked

Indicates whether the backup of a managed app's data is blocked.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DeployedAppCount

Count of apps to which the current policy is deployed.

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DeploymentSummary

The ManagedAppEntity is the base entity type for all other entity types under app management workflow. To construct, see NOTES section for DEPLOYMENTSUMMARY properties and create a hash table.

Type:IMicrosoftGraphManagedAppPolicyDeploymentSummary
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

The policy's description.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DeviceComplianceRequired

Indicates whether device compliance is required.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DeviceLockRequired

Defines if any kind of lock must be required on android device

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DialerRestrictionLevel

The classes of apps that are allowed to click-to-open a phone number, for making phone calls or sending text messages.

Type:ManagedAppPhoneNumberRedirectLevel
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableAppEncryptionIfDeviceEncryptionIsEnabled

When this setting is enabled, app level encryption is disabled if device level encryption is enabled

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableAppPinIfDevicePinIsSet

Indicates whether use of the app pin is required if the device pin is set.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

Policy display name.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EncryptAppData

Indicates whether application data for managed apps should be encrypted

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ExemptedAppPackages

App packages in this list will be exempt from the policy and will be able to receive data from managed apps. To construct, see NOTES section for EXEMPTEDAPPPACKAGES properties and create a hash table.

Type:IMicrosoftGraphKeyValuePair[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FingerprintAndBiometricEnabled

If null, this setting will be ignored. If false both fingerprints and biometrics will not be enabled. If true, both fingerprints and biometrics will be enabled.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FingerprintBlocked

Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-GracePeriodToBlockAppsDuringOffClockHours

A grace period before blocking app access during off clock hours.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Headers

Optional headers that will be added to the request.

Type:IDictionary
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Id

The unique identifier for an entity. Read-only.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IsAssigned

Indicates if the policy is deployed to any inclusion groups or not.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeyboardsRestricted

Indicates if keyboard restriction is enabled. If enabled list of approved keyboards must be provided as well.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-LastModifiedDateTime

Last time the policy was modified.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ManagedBrowser

Type of managed browser

Type:ManagedBrowserType
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ManagedBrowserToOpenLinksRequired

Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android)

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaximumAllowedDeviceThreatLevel

The maxium threat level allowed for an app to be compliant.

Type:ManagedAppDeviceThreatLevel
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaximumPinRetries

Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaximumRequiredOSVersion

Versions bigger than the specified version will block the managed app from accessing company data.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaximumWarningOSVersion

Versions bigger than the specified version will block the managed app from accessing company data.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaximumWipeOSVersion

Versions bigger than the specified version will block the managed app from accessing company data.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MessagingRedirectAppDisplayName

When a specific app redirection is enforced by protectedMessagingRedirectAppType in an App Protection Policy, this value defines the app name which is allowed to be used.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MessagingRedirectAppPackageId

When a specific app redirection is enforced by protectedMessagingRedirectAppType in an App Protection Policy, this value defines the app package id which is allowed to be used.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumPinLength

Minimum pin length required for an app-level pin if PinRequired is set to True

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumRequiredAppVersion

Versions less than the specified version will block the managed app from accessing company data.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumRequiredCompanyPortalVersion

Minimum version of the Company portal that must be installed on the device or app access will be blocked

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumRequiredOSVersion

Versions less than the specified version will block the managed app from accessing company data.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumRequiredPatchVersion

Define the oldest required Android security patch level a user can have to gain secure access to the app.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumWarningAppVersion

Versions less than the specified version will result in warning message on the managed app.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumWarningCompanyPortalVersion

Minimum version of the Company portal that must be installed on the device or the user will receive a warning

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumWarningOSVersion

Versions less than the specified version will result in warning message on the managed app from accessing company data.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumWarningPatchVersion

Define the oldest recommended Android security patch level a user can have for secure access to the app.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumWipeAppVersion

Versions less than or equal to the specified version will wipe the managed app and the associated company data.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumWipeCompanyPortalVersion

Minimum version of the Company portal that must be installed on the device or the company data on the app will be wiped

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumWipeOSVersion

Versions less than or equal to the specified version will wipe the managed app and the associated company data.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumWipePatchVersion

Android security patch level less than or equal to the specified value will wipe the managed app and the associated company data.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MobileThreatDefensePartnerPriority

Determines the conflict resolution strategy, when more than one Mobile Threat Defense provider is enabled.

Type:MobileThreatDefensePartnerPriority
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MobileThreatDefenseRemediationAction

An admin initiated action to be applied on a managed app.

Type:ManagedAppRemediationAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-NotificationRestriction

Restrict managed app notification

Type:ManagedAppNotificationRestriction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-OrganizationalCredentialsRequired

Indicates whether organizational credentials are required for app use.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PeriodBeforePinReset

TimePeriod before the all-level pin must be reset if PinRequired is set to True.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PeriodOfflineBeforeAccessCheck

The period after which access is checked when the device is not connected to the internet.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PeriodOfflineBeforeWipeIsEnforced

The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PeriodOnlineBeforeAccessCheck

The period after which access is checked when the device is connected to the internet.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PinCharacterSet

Character set which is to be used for a user's app PIN

Type:ManagedAppPinCharacterSet
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PinRequired

Indicates whether an app-level pin is required.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PinRequiredInsteadOfBiometricTimeout

Timeout in minutes for an app pin instead of non biometrics passcode

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PreviousPinBlockCount

Requires a pin to be unique from the number specified in this property.

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PrintBlocked

Indicates whether printing is allowed from managed apps.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ProgressAction

{{ Fill ProgressAction Description }}

Type:ActionPreference
Aliases:proga
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ProtectedMessagingRedirectAppType

Defines how app messaging redirection is protected by an App Protection Policy. Default is anyApp.

Type:MessagingRedirectAppType
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequireClass3Biometrics

Require user to apply Class 3 Biometrics on their Android device.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequiredAndroidSafetyNetAppsVerificationType

An admin enforced Android SafetyNet Device Attestation requirement on a managed app.

Type:AndroidManagedAppSafetyNetAppsVerificationType
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequiredAndroidSafetyNetDeviceAttestationType

An admin enforced Android SafetyNet Device Attestation requirement on a managed app.

Type:AndroidManagedAppSafetyNetDeviceAttestationType
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequiredAndroidSafetyNetEvaluationType

An admin enforced Android SafetyNet evaluation type requirement on a managed app.

Type:AndroidManagedAppSafetyNetEvaluationType
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequirePinAfterBiometricChange

A PIN prompt will override biometric prompts if class 3 biometrics are updated on the device.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResponseHeadersVariable

Optional Response Headers Variable.

Type:String
Aliases:RHV
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RoleScopeTagIds

List of Scope Tags for this Entity instance.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SaveAsBlocked

Indicates whether users may use the 'Save As' menu item to save a copy of protected files.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ScreenCaptureBlocked

Indicates whether a managed user can take screen captures of managed apps

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SimplePinBlocked

Indicates whether simplePin is blocked.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-TargetedAppManagementLevels

Management levels for apps

Type:AppManagementLevel
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Version

Version of the entity.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WarnAfterCompanyPortalUpdateDeferralInDays

Maximum number of days Company Portal update can be deferred on the device or the user will receive the warning

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WipeAfterCompanyPortalUpdateDeferralInDays

Maximum number of days Company Portal update can be deferred on the device or the company data on the app will be wiped

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphAndroidManagedAppProtection

System.Collections.IDictionary

Outputs

Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphAndroidManagedAppProtection

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

APPROVEDKEYBOARDS <IMicrosoftGraphKeyValuePair- []>: If Keyboard Restriction is enabled, only keyboards in this approved list will be allowed. A key should be Android package id for a keyboard and value should be a friendly name

  • [Name <String>]: Name for this key-value pair
  • [Value <String>]: Value for this key-value pair

APPS <IMicrosoftGraphManagedMobileApp- []>: List of apps to which the policy is deployed.

  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
    • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Version <String>]: Version of the entity.

ASSIGNMENTS <IMicrosoftGraphTargetedManagedAppPolicyAssignment- []>: Navigation property to list of inclusion and exclusion groups to which the policy is deployed.

  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [Source <DeviceAndAppManagementAssignmentSource?>]: Represents source of assignment.
  • [SourceId <String>]: Identifier for resource used for deployment to a group
  • [Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets.
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [DeviceAndAppManagementAssignmentFilterId <String>]: The Id of the filter for the target assignment.
    • [DeviceAndAppManagementAssignmentFilterType <DeviceAndAppManagementAssignmentFilterType?>]: Represents type of the assignment filter.

BODYPARAMETER <IMicrosoftGraphAndroidManagedAppProtection>: Policy used to configure detailed management settings targeted to specific security groups and for a specified set of apps on an Android device

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [AppGroupType <TargetedManagedAppGroupType?>]: Indicates a collection of apps to target which can be one of several pre-defined lists of apps or a manually selected list of apps
  • [Assignments <IMicrosoftGraphTargetedManagedAppPolicyAssignment- []>]: Navigation property to list of inclusion and exclusion groups to which the policy is deployed.
    • [Id <String>]: The unique identifier for an entity. Read-only.
    • [Source <DeviceAndAppManagementAssignmentSource?>]: Represents source of assignment.
    • [SourceId <String>]: Identifier for resource used for deployment to a group
    • [Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets.
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [DeviceAndAppManagementAssignmentFilterId <String>]: The Id of the filter for the target assignment.
      • [DeviceAndAppManagementAssignmentFilterType <DeviceAndAppManagementAssignmentFilterType?>]: Represents type of the assignment filter.
  • [IsAssigned <Boolean?>]: Indicates if the policy is deployed to any inclusion groups or not.
  • [TargetedAppManagementLevels <AppManagementLevel?>]: Management levels for apps
  • [AllowedDataIngestionLocations <ManagedAppDataIngestionLocation- []>]: Data storage locations where a user may store managed data.
  • [AllowedDataStorageLocations <ManagedAppDataStorageLocation- []>]: Data storage locations where a user may store managed data.
  • [AllowedInboundDataTransferSources <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps
  • [AllowedOutboundClipboardSharingExceptionLength <Int32?>]: Specify the number of characters that may be cut or copied from Org data and accounts to any application. This setting overrides the AllowedOutboundClipboardSharingLevel restriction. Default value of '0' means no exception is allowed.
  • [AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel?>]: Represents the level to which the device's clipboard may be shared between apps
  • [AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps
  • [AppActionIfDeviceComplianceRequired <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [AppActionIfMaximumPinRetriesExceeded <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [AppActionIfUnableToAuthenticateUser <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [BlockDataIngestionIntoOrganizationDocuments <Boolean?>]: Indicates whether a user can bring data into org documents.
  • [ContactSyncBlocked <Boolean?>]: Indicates whether contacts can be synced to the user's device.
  • [DataBackupBlocked <Boolean?>]: Indicates whether the backup of a managed app's data is blocked.
  • [DeviceComplianceRequired <Boolean?>]: Indicates whether device compliance is required.
  • [DialerRestrictionLevel <ManagedAppPhoneNumberRedirectLevel?>]: The classes of apps that are allowed to click-to-open a phone number, for making phone calls or sending text messages.
  • [DisableAppPinIfDevicePinIsSet <Boolean?>]: Indicates whether use of the app pin is required if the device pin is set.
  • [FingerprintBlocked <Boolean?>]: Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.
  • [GracePeriodToBlockAppsDuringOffClockHours <TimeSpan?>]: A grace period before blocking app access during off clock hours.
  • [ManagedBrowser <ManagedBrowserType?>]: Type of managed browser
  • [ManagedBrowserToOpenLinksRequired <Boolean?>]: Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android)
  • [MaximumAllowedDeviceThreatLevel <ManagedAppDeviceThreatLevel?>]: The maxium threat level allowed for an app to be compliant.
  • [MaximumPinRetries <Int32?>]: Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.
  • [MaximumRequiredOSVersion <String>]: Versions bigger than the specified version will block the managed app from accessing company data.
  • [MaximumWarningOSVersion <String>]: Versions bigger than the specified version will block the managed app from accessing company data.
  • [MaximumWipeOSVersion <String>]: Versions bigger than the specified version will block the managed app from accessing company data.
  • [MinimumPinLength <Int32?>]: Minimum pin length required for an app-level pin if PinRequired is set to True
  • [MinimumRequiredAppVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
  • [MinimumRequiredOSVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
  • [MinimumWarningAppVersion <String>]: Versions less than the specified version will result in warning message on the managed app.
  • [MinimumWarningOSVersion <String>]: Versions less than the specified version will result in warning message on the managed app from accessing company data.
  • [MinimumWipeAppVersion <String>]: Versions less than or equal to the specified version will wipe the managed app and the associated company data.
  • [MinimumWipeOSVersion <String>]: Versions less than or equal to the specified version will wipe the managed app and the associated company data.
  • [MobileThreatDefensePartnerPriority <MobileThreatDefensePartnerPriority?>]: Determines the conflict resolution strategy, when more than one Mobile Threat Defense provider is enabled.
  • [MobileThreatDefenseRemediationAction <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [NotificationRestriction <ManagedAppNotificationRestriction?>]: Restrict managed app notification
  • [OrganizationalCredentialsRequired <Boolean?>]: Indicates whether organizational credentials are required for app use.
  • [PeriodBeforePinReset <TimeSpan?>]: TimePeriod before the all-level pin must be reset if PinRequired is set to True.
  • [PeriodOfflineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is not connected to the internet.
  • [PeriodOfflineBeforeWipeIsEnforced <TimeSpan?>]: The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.
  • [PeriodOnlineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is connected to the internet.
  • [PinCharacterSet <ManagedAppPinCharacterSet?>]: Character set which is to be used for a user's app PIN
  • [PinRequired <Boolean?>]: Indicates whether an app-level pin is required.
  • [PinRequiredInsteadOfBiometricTimeout <TimeSpan?>]: Timeout in minutes for an app pin instead of non biometrics passcode
  • [PreviousPinBlockCount <Int32?>]: Requires a pin to be unique from the number specified in this property.
  • [PrintBlocked <Boolean?>]: Indicates whether printing is allowed from managed apps.
  • [ProtectedMessagingRedirectAppType <MessagingRedirectAppType?>]: Defines how app messaging redirection is protected by an App Protection Policy. Default is anyApp.
  • [SaveAsBlocked <Boolean?>]: Indicates whether users may use the 'Save As' menu item to save a copy of protected files.
  • [SimplePinBlocked <Boolean?>]: Indicates whether simplePin is blocked.
  • [CreatedDateTime <DateTime?>]: The date and time the policy was created.
  • [Description <String>]: The policy's description.
  • [DisplayName <String>]: Policy display name.
  • [LastModifiedDateTime <DateTime?>]: Last time the policy was modified.
  • [RoleScopeTagIds <String- []>]: List of Scope Tags for this Entity instance.
  • [Version <String>]: Version of the entity.
  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [AllowedAndroidDeviceManufacturers <String>]: Semicolon seperated list of device manufacturers allowed, as a string, for the managed app to work.
  • [AllowedAndroidDeviceModels <String- []>]: List of device models allowed, as a string, for the managed app to work.
  • [AppActionIfAccountIsClockedOut <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [AppActionIfAndroidDeviceManufacturerNotAllowed <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [AppActionIfAndroidDeviceModelNotAllowed <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [AppActionIfAndroidSafetyNetAppsVerificationFailed <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [AppActionIfAndroidSafetyNetDeviceAttestationFailed <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [AppActionIfDeviceLockNotSet <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [AppActionIfDevicePasscodeComplexityLessThanHigh <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [AppActionIfDevicePasscodeComplexityLessThanLow <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [AppActionIfDevicePasscodeComplexityLessThanMedium <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [AppActionIfSamsungKnoxAttestationRequired <ManagedAppRemediationAction?>]: An admin initiated action to be applied on a managed app.
  • [ApprovedKeyboards <IMicrosoftGraphKeyValuePair- []>]: If Keyboard Restriction is enabled, only keyboards in this approved list will be allowed. A key should be Android package id for a keyboard and value should be a friendly name
    • [Name <String>]: Name for this key-value pair
    • [Value <String>]: Value for this key-value pair
  • [Apps <IMicrosoftGraphManagedMobileApp- []>]: List of apps to which the policy is deployed.
    • [Id <String>]: The unique identifier for an entity. Read-only.
    • [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
      • [(Any) <Object>]: This indicates any property can be added to this object.
    • [Version <String>]: Version of the entity.
  • [BiometricAuthenticationBlocked <Boolean?>]: Indicates whether use of the biometric authentication is allowed in place of a pin if PinRequired is set to True.
  • [BlockAfterCompanyPortalUpdateDeferralInDays <Int32?>]: Maximum number of days Company Portal update can be deferred on the device or app access will be blocked.
  • [ConnectToVpnOnLaunch <Boolean?>]: Whether the app should connect to the configured VPN on launch.
  • [CustomBrowserDisplayName <String>]: Friendly name of the preferred custom browser to open weblink on Android. When this property is configured, ManagedBrowserToOpenLinksRequired should be true.
  • [CustomBrowserPackageId <String>]: Unique identifier of the preferred custom browser to open weblink on Android. When this property is configured, ManagedBrowserToOpenLinksRequired should be true.
  • [CustomDialerAppDisplayName <String>]: Friendly name of a custom dialer app to click-to-open a phone number on Android.
  • [CustomDialerAppPackageId <String>]: PackageId of a custom dialer app to click-to-open a phone number on Android.
  • [DeployedAppCount <Int32?>]: Count of apps to which the current policy is deployed.
  • [DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]: The ManagedAppEntity is the base entity type for all other entity types under app management workflow.
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [Id <String>]: The unique identifier for an entity. Read-only.
    • [ConfigurationDeployedUserCount <Int32?>]:
    • [ConfigurationDeploymentSummaryPerApp <IMicrosoftGraphManagedAppPolicyDeploymentSummaryPerApp- []>]:
      • [ConfigurationAppliedUserCount <Int32?>]: Number of users the policy is applied.
      • [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
    • [DisplayName <String>]:
    • [LastRefreshTime <DateTime?>]:
    • [Version <String>]: Version of the entity.
  • [DeviceLockRequired <Boolean?>]: Defines if any kind of lock must be required on android device
  • [DisableAppEncryptionIfDeviceEncryptionIsEnabled <Boolean?>]: When this setting is enabled, app level encryption is disabled if device level encryption is enabled
  • [EncryptAppData <Boolean?>]: Indicates whether application data for managed apps should be encrypted
  • [ExemptedAppPackages <IMicrosoftGraphKeyValuePair- []>]: App packages in this list will be exempt from the policy and will be able to receive data from managed apps.
  • [FingerprintAndBiometricEnabled <Boolean?>]: If null, this setting will be ignored. If false both fingerprints and biometrics will not be enabled. If true, both fingerprints and biometrics will be enabled.
  • [KeyboardsRestricted <Boolean?>]: Indicates if keyboard restriction is enabled. If enabled list of approved keyboards must be provided as well.
  • [MessagingRedirectAppDisplayName <String>]: When a specific app redirection is enforced by protectedMessagingRedirectAppType in an App Protection Policy, this value defines the app name which is allowed to be used.
  • [MessagingRedirectAppPackageId <String>]: When a specific app redirection is enforced by protectedMessagingRedirectAppType in an App Protection Policy, this value defines the app package id which is allowed to be used.
  • [MinimumRequiredCompanyPortalVersion <String>]: Minimum version of the Company portal that must be installed on the device or app access will be blocked
  • [MinimumRequiredPatchVersion <String>]: Define the oldest required Android security patch level a user can have to gain secure access to the app.
  • [MinimumWarningCompanyPortalVersion <String>]: Minimum version of the Company portal that must be installed on the device or the user will receive a warning
  • [MinimumWarningPatchVersion <String>]: Define the oldest recommended Android security patch level a user can have for secure access to the app.
  • [MinimumWipeCompanyPortalVersion <String>]: Minimum version of the Company portal that must be installed on the device or the company data on the app will be wiped
  • [MinimumWipePatchVersion <String>]: Android security patch level less than or equal to the specified value will wipe the managed app and the associated company data.
  • [RequireClass3Biometrics <Boolean?>]: Require user to apply Class 3 Biometrics on their Android device.
  • [RequirePinAfterBiometricChange <Boolean?>]: A PIN prompt will override biometric prompts if class 3 biometrics are updated on the device.
  • [RequiredAndroidSafetyNetAppsVerificationType <AndroidManagedAppSafetyNetAppsVerificationType?>]: An admin enforced Android SafetyNet Device Attestation requirement on a managed app.
  • [RequiredAndroidSafetyNetDeviceAttestationType <AndroidManagedAppSafetyNetDeviceAttestationType?>]: An admin enforced Android SafetyNet Device Attestation requirement on a managed app.
  • [RequiredAndroidSafetyNetEvaluationType <AndroidManagedAppSafetyNetEvaluationType?>]: An admin enforced Android SafetyNet evaluation type requirement on a managed app.
  • [ScreenCaptureBlocked <Boolean?>]: Indicates whether a managed user can take screen captures of managed apps
  • [WarnAfterCompanyPortalUpdateDeferralInDays <Int32?>]: Maximum number of days Company Portal update can be deferred on the device or the user will receive the warning
  • [WipeAfterCompanyPortalUpdateDeferralInDays <Int32?>]: Maximum number of days Company Portal update can be deferred on the device or the company data on the app will be wiped

DEPLOYMENTSUMMARY <IMicrosoftGraphManagedAppPolicyDeploymentSummary>: The ManagedAppEntity is the base entity type for all other entity types under app management workflow.

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [ConfigurationDeployedUserCount <Int32?>]:
  • [ConfigurationDeploymentSummaryPerApp <IMicrosoftGraphManagedAppPolicyDeploymentSummaryPerApp- []>]:
    • [ConfigurationAppliedUserCount <Int32?>]: Number of users the policy is applied.
    • [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
      • [(Any) <Object>]: This indicates any property can be added to this object.
  • [DisplayName <String>]:
  • [LastRefreshTime <DateTime?>]:
  • [Version <String>]: Version of the entity.

EXEMPTEDAPPPACKAGES <IMicrosoftGraphKeyValuePair- []>: App packages in this list will be exempt from the policy and will be able to receive data from managed apps.

  • [Name <String>]: Name for this key-value pair
  • [Value <String>]: Value for this key-value pair

https://learn.microsoft.com/powershell/module/microsoft.graph.beta.devices.corporatemanagement/new-mgbetadeviceappmanagementandroidmanagedappprotection