Update-MgDeviceAppManagementDefaultManagedAppProtection

Module:

Microsoft.Graph.Devices.CorporateManagement Module

Update the properties of a defaultManagedAppProtection object.

Note

To view the beta release of this cmdlet, view Update-MgBetaDeviceAppManagementDefaultManagedAppProtection

Syntax

UpdateExpanded (Default)

Update-MgDeviceAppManagementDefaultManagedAppProtection
    -DefaultManagedAppProtectionId <String>
    [-ResponseHeadersVariable <String>]
    [-AdditionalProperties <Hashtable>]
    [-AllowedDataStorageLocations <ManagedAppDataStorageLocation[]>]
    [-AllowedInboundDataTransferSources <ManagedAppDataTransferLevel>]
    [-AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel>]
    [-AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel>]
    [-AppDataEncryptionType <ManagedAppDataEncryptionType>]
    [-Apps <IMicrosoftGraphManagedMobileApp[]>]
    [-ContactSyncBlocked]
    [-CreatedDateTime <DateTime>]
    [-CustomSettings <IMicrosoftGraphKeyValuePair[]>]
    [-DataBackupBlocked]
    [-DeployedAppCount <Int32>]
    [-DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]
    [-Description <String>]
    [-DeviceComplianceRequired]
    [-DisableAppEncryptionIfDeviceEncryptionIsEnabled]
    [-DisableAppPinIfDevicePinIsSet]
    [-DisplayName <String>]
    [-EncryptAppData]
    [-FaceIdBlocked]
    [-FingerprintBlocked]
    [-Id <String>]
    [-LastModifiedDateTime <DateTime>]
    [-ManagedBrowser <ManagedBrowserType>]
    [-ManagedBrowserToOpenLinksRequired]
    [-MaximumPinRetries <Int32>]
    [-MinimumPinLength <Int32>]
    [-MinimumRequiredAppVersion <String>]
    [-MinimumRequiredOSVersion <String>]
    [-MinimumRequiredPatchVersion <String>]
    [-MinimumRequiredSdkVersion <String>]
    [-MinimumWarningAppVersion <String>]
    [-MinimumWarningOSVersion <String>]
    [-MinimumWarningPatchVersion <String>]
    [-OrganizationalCredentialsRequired]
    [-PeriodBeforePinReset <TimeSpan>]
    [-PeriodOfflineBeforeAccessCheck <TimeSpan>]
    [-PeriodOfflineBeforeWipeIsEnforced <TimeSpan>]
    [-PeriodOnlineBeforeAccessCheck <TimeSpan>]
    [-PinCharacterSet <ManagedAppPinCharacterSet>]
    [-PinRequired]
    [-PrintBlocked]
    [-SaveAsBlocked]
    [-ScreenCaptureBlocked]
    [-SimplePinBlocked]
    [-Version <String>]
    [-Headers <IDictionary>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Update

Update-MgDeviceAppManagementDefaultManagedAppProtection
    -DefaultManagedAppProtectionId <String>
    -BodyParameter <IMicrosoftGraphDefaultManagedAppProtection>
    [-ResponseHeadersVariable <String>]
    [-Headers <IDictionary>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

UpdateViaIdentityExpanded

Update-MgDeviceAppManagementDefaultManagedAppProtection
    -InputObject <IDevicesCorporateManagementIdentity>
    [-ResponseHeadersVariable <String>]
    [-AdditionalProperties <Hashtable>]
    [-AllowedDataStorageLocations <ManagedAppDataStorageLocation[]>]
    [-AllowedInboundDataTransferSources <ManagedAppDataTransferLevel>]
    [-AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel>]
    [-AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel>]
    [-AppDataEncryptionType <ManagedAppDataEncryptionType>]
    [-Apps <IMicrosoftGraphManagedMobileApp[]>]
    [-ContactSyncBlocked]
    [-CreatedDateTime <DateTime>]
    [-CustomSettings <IMicrosoftGraphKeyValuePair[]>]
    [-DataBackupBlocked]
    [-DeployedAppCount <Int32>]
    [-DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]
    [-Description <String>]
    [-DeviceComplianceRequired]
    [-DisableAppEncryptionIfDeviceEncryptionIsEnabled]
    [-DisableAppPinIfDevicePinIsSet]
    [-DisplayName <String>]
    [-EncryptAppData]
    [-FaceIdBlocked]
    [-FingerprintBlocked]
    [-Id <String>]
    [-LastModifiedDateTime <DateTime>]
    [-ManagedBrowser <ManagedBrowserType>]
    [-ManagedBrowserToOpenLinksRequired]
    [-MaximumPinRetries <Int32>]
    [-MinimumPinLength <Int32>]
    [-MinimumRequiredAppVersion <String>]
    [-MinimumRequiredOSVersion <String>]
    [-MinimumRequiredPatchVersion <String>]
    [-MinimumRequiredSdkVersion <String>]
    [-MinimumWarningAppVersion <String>]
    [-MinimumWarningOSVersion <String>]
    [-MinimumWarningPatchVersion <String>]
    [-OrganizationalCredentialsRequired]
    [-PeriodBeforePinReset <TimeSpan>]
    [-PeriodOfflineBeforeAccessCheck <TimeSpan>]
    [-PeriodOfflineBeforeWipeIsEnforced <TimeSpan>]
    [-PeriodOnlineBeforeAccessCheck <TimeSpan>]
    [-PinCharacterSet <ManagedAppPinCharacterSet>]
    [-PinRequired]
    [-PrintBlocked]
    [-SaveAsBlocked]
    [-ScreenCaptureBlocked]
    [-SimplePinBlocked]
    [-Version <String>]
    [-Headers <IDictionary>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

UpdateViaIdentity

Update-MgDeviceAppManagementDefaultManagedAppProtection
    -InputObject <IDevicesCorporateManagementIdentity>
    -BodyParameter <IMicrosoftGraphDefaultManagedAppProtection>
    [-ResponseHeadersVariable <String>]
    [-Headers <IDictionary>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

Update the properties of a defaultManagedAppProtection object.

Permissions

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All,
Delegated (personal Microsoft account)	Not supported
Application	DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All,

Examples

Example 1: Code snippet

Import-Module Microsoft.Graph.Devices.CorporateManagement

$params = @{
	"@odata.type" = "#microsoft.graph.defaultManagedAppProtection"
	displayName = "Display Name value"
	description = "Description value"
	version = "Version value"
	periodOfflineBeforeAccessCheck = "-PT17.1357909S"
	periodOnlineBeforeAccessCheck = "PT35.0018757S"
	allowedInboundDataTransferSources = "managedApps"
	allowedOutboundDataTransferDestinations = "managedApps"
	organizationalCredentialsRequired = $true
	allowedOutboundClipboardSharingLevel = "managedAppsWithPasteIn"
	dataBackupBlocked = $true
	deviceComplianceRequired = $true
	managedBrowserToOpenLinksRequired = $true
	saveAsBlocked = $true
	periodOfflineBeforeWipeIsEnforced = "-PT3M22.1587532S"
	pinRequired = $true
	maximumPinRetries = 1
	simplePinBlocked = $true
	minimumPinLength = 0
	pinCharacterSet = "alphanumericAndSymbol"
	periodBeforePinReset = "PT3M29.6631862S"
	allowedDataStorageLocations = @(
	"sharePoint"
)
contactSyncBlocked = $true
printBlocked = $true
fingerprintBlocked = $true
disableAppPinIfDevicePinIsSet = $true
minimumRequiredOsVersion = "Minimum Required Os Version value"
minimumWarningOsVersion = "Minimum Warning Os Version value"
minimumRequiredAppVersion = "Minimum Required App Version value"
minimumWarningAppVersion = "Minimum Warning App Version value"
managedBrowser = "microsoftEdge"
appDataEncryptionType = "afterDeviceRestart"
screenCaptureBlocked = $true
encryptAppData = $true
disableAppEncryptionIfDeviceEncryptionIsEnabled = $true
minimumRequiredSdkVersion = "Minimum Required Sdk Version value"
customSettings = @(
	@{
		"@odata.type" = "microsoft.graph.keyValuePair"
		name = "Name value"
		value = "Value value"
	}
)
deployedAppCount = 0
minimumRequiredPatchVersion = "Minimum Required Patch Version value"
minimumWarningPatchVersion = "Minimum Warning Patch Version value"
faceIdBlocked = $true
}

Update-MgDeviceAppManagementDefaultManagedAppProtection -DefaultManagedAppProtectionId $defaultManagedAppProtectionId -BodyParameter $params

This example shows how to use the Update-MgDeviceAppManagementDefaultManagedAppProtection Cmdlet.

Parameters

-AdditionalProperties

Additional Parameters

Parameter properties

Type:	Hashtable
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-AllowedDataStorageLocations

Data storage locations where a user may store managed data.

Parameter properties

Type:	ManagedAppDataStorageLocation[]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-AllowedInboundDataTransferSources

Data can be transferred from/to these classes of apps

Parameter properties

Type:	ManagedAppDataTransferLevel
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-AllowedOutboundClipboardSharingLevel

Represents the level to which the device's clipboard may be shared between apps

Parameter properties

Type:	ManagedAppClipboardSharingLevel
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-AllowedOutboundDataTransferDestinations

Data can be transferred from/to these classes of apps

Parameter properties

Type:	ManagedAppDataTransferLevel
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-AppDataEncryptionType

Represents the level to which app data is encrypted for managed apps

Parameter properties

Type:	ManagedAppDataEncryptionType
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Apps

List of apps to which the policy is deployed. To construct, see NOTES section for APPS properties and create a hash table.

Parameter properties

Type:	IMicrosoftGraphManagedMobileApp[]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-BodyParameter

Policy used to configure detailed management settings for a specified set of apps for all users not targeted by a TargetedManagedAppProtection Policy To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Parameter properties

Type:	IMicrosoftGraphDefaultManagedAppProtection
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

Update

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentity

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	cf

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ContactSyncBlocked

Indicates whether contacts can be synced to the user's device.

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-CreatedDateTime

The date and time the policy was created.

Parameter properties

Type:	DateTime
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-CustomSettings

A set of string key and string value pairs to be sent to the affected users, unalterned by this service To construct, see NOTES section for CUSTOMSETTINGS properties and create a hash table.

Parameter properties

Type:	IMicrosoftGraphKeyValuePair[]
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DataBackupBlocked

Indicates whether the backup of a managed app's data is blocked.

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DefaultManagedAppProtectionId

The unique identifier of defaultManagedAppProtection

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

Update

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DeployedAppCount

Count of apps to which the current policy is deployed.

Parameter properties

Type:	Int32
Default value:	0
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DeploymentSummary

The ManagedAppEntity is the base entity type for all other entity types under app management workflow. To construct, see NOTES section for DEPLOYMENTSUMMARY properties and create a hash table.

Parameter properties

Type:	IMicrosoftGraphManagedAppPolicyDeploymentSummary
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Description

The policy's description.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DeviceComplianceRequired

Indicates whether device compliance is required.

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DisableAppEncryptionIfDeviceEncryptionIsEnabled

When this setting is enabled, app level encryption is disabled if device level encryption is enabled. (Android only)

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DisableAppPinIfDevicePinIsSet

Indicates whether use of the app pin is required if the device pin is set.

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DisplayName

Policy display name.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-EncryptAppData

Indicates whether managed-app data should be encrypted. (Android only)

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-FaceIdBlocked

Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True. (iOS Only)

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-FingerprintBlocked

Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Headers

Optional headers that will be added to the request.

Parameter properties

Type:	IDictionary
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Id

The unique identifier for an entity. Read-only.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Parameter properties

Type:	IDevicesCorporateManagementIdentity
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentity

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-LastModifiedDateTime

Last time the policy was modified.

Parameter properties

Type:	DateTime
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ManagedBrowser

Type of managed browser

Parameter properties

Type:	ManagedBrowserType
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ManagedBrowserToOpenLinksRequired

Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android)

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-MaximumPinRetries

Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.

Parameter properties

Type:	Int32
Default value:	0
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-MinimumPinLength

Minimum pin length required for an app-level pin if PinRequired is set to True

Parameter properties

Type:	Int32
Default value:	0
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-MinimumRequiredAppVersion

Versions less than the specified version will block the managed app from accessing company data.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-MinimumRequiredOSVersion

Versions less than the specified version will block the managed app from accessing company data.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-MinimumRequiredPatchVersion

Define the oldest required Android security patch level a user can have to gain secure access to the app. (Android only)

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-MinimumRequiredSdkVersion

Versions less than the specified version will block the managed app from accessing company data. (iOS Only)

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-MinimumWarningAppVersion

Versions less than the specified version will result in warning message on the managed app.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-MinimumWarningOSVersion

Versions less than the specified version will result in warning message on the managed app from accessing company data.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-MinimumWarningPatchVersion

Define the oldest recommended Android security patch level a user can have for secure access to the app. (Android only)

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-OrganizationalCredentialsRequired

Indicates whether organizational credentials are required for app use.

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-PeriodBeforePinReset

TimePeriod before the all-level pin must be reset if PinRequired is set to True.

Parameter properties

Type:	TimeSpan
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-PeriodOfflineBeforeAccessCheck

The period after which access is checked when the device is not connected to the internet.

Parameter properties

Type:	TimeSpan
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-PeriodOfflineBeforeWipeIsEnforced

The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.

Parameter properties

Type:	TimeSpan
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-PeriodOnlineBeforeAccessCheck

The period after which access is checked when the device is connected to the internet.

Parameter properties

Type:	TimeSpan
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-PinCharacterSet

Character set which is to be used for a user's app PIN

Parameter properties

Type:	ManagedAppPinCharacterSet
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-PinRequired

Indicates whether an app-level pin is required.

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-PrintBlocked

Indicates whether printing is allowed from managed apps.

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ResponseHeadersVariable

Optional Response Headers Variable.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	RHV

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-SaveAsBlocked

Indicates whether users may use the 'Save As' menu item to save a copy of protected files.

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ScreenCaptureBlocked

Indicates whether screen capture is blocked. (Android only)

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-SimplePinBlocked

Indicates whether simplePin is blocked.

Parameter properties

Type:	SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Version

Version of the entity.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	wi

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

Microsoft.Graph.PowerShell.Models.IDevicesCorporateManagementIdentity

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphDefaultManagedAppProtection

System.Collections.IDictionary

Outputs

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphDefaultManagedAppProtection

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

APPS <IMicrosoftGraphManagedMobileApp- []>: List of apps to which the policy is deployed.

• [Id <String>]: The unique identifier for an entity. Read-only.
• [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
  • [(Any) <Object>]: This indicates any property can be added to this object.
• [Version <String>]: Version of the entity.

BODYPARAMETER <IMicrosoftGraphDefaultManagedAppProtection>: Policy used to configure detailed management settings for a specified set of apps for all users not targeted by a TargetedManagedAppProtection Policy

• [(Any) <Object>]: This indicates any property can be added to this object.
• [AllowedDataStorageLocations <ManagedAppDataStorageLocation- []>]: Data storage locations where a user may store managed data.
• [AllowedInboundDataTransferSources <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps
• [AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel?>]: Represents the level to which the device's clipboard may be shared between apps
• [AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps
• [ContactSyncBlocked <Boolean?>]: Indicates whether contacts can be synced to the user's device.
• [DataBackupBlocked <Boolean?>]: Indicates whether the backup of a managed app's data is blocked.
• [DeviceComplianceRequired <Boolean?>]: Indicates whether device compliance is required.
• [DisableAppPinIfDevicePinIsSet <Boolean?>]: Indicates whether use of the app pin is required if the device pin is set.
• [FingerprintBlocked <Boolean?>]: Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.
• [ManagedBrowser <ManagedBrowserType?>]: Type of managed browser
• [ManagedBrowserToOpenLinksRequired <Boolean?>]: Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android)
• [MaximumPinRetries <Int32?>]: Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.
• [MinimumPinLength <Int32?>]: Minimum pin length required for an app-level pin if PinRequired is set to True
• [MinimumRequiredAppVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
• [MinimumRequiredOSVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
• [MinimumWarningAppVersion <String>]: Versions less than the specified version will result in warning message on the managed app.
• [MinimumWarningOSVersion <String>]: Versions less than the specified version will result in warning message on the managed app from accessing company data.
• [OrganizationalCredentialsRequired <Boolean?>]: Indicates whether organizational credentials are required for app use.
• [PeriodBeforePinReset <TimeSpan?>]: TimePeriod before the all-level pin must be reset if PinRequired is set to True.
• [PeriodOfflineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is not connected to the internet.
• [PeriodOfflineBeforeWipeIsEnforced <TimeSpan?>]: The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.
• [PeriodOnlineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is connected to the internet.
• [PinCharacterSet <ManagedAppPinCharacterSet?>]: Character set which is to be used for a user's app PIN
• [PinRequired <Boolean?>]: Indicates whether an app-level pin is required.
• [PrintBlocked <Boolean?>]: Indicates whether printing is allowed from managed apps.
• [SaveAsBlocked <Boolean?>]: Indicates whether users may use the 'Save As' menu item to save a copy of protected files.
• [SimplePinBlocked <Boolean?>]: Indicates whether simplePin is blocked.
• [CreatedDateTime <DateTime?>]: The date and time the policy was created.
• [Description <String>]: The policy's description.
• [DisplayName <String>]: Policy display name.
• [LastModifiedDateTime <DateTime?>]: Last time the policy was modified.
• [Version <String>]: Version of the entity.
• [Id <String>]: The unique identifier for an entity. Read-only.
• [AppDataEncryptionType <ManagedAppDataEncryptionType?>]: Represents the level to which app data is encrypted for managed apps
• [Apps <IMicrosoftGraphManagedMobileApp- []>]: List of apps to which the policy is deployed.
  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
    • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Version <String>]: Version of the entity.
• [CustomSettings <IMicrosoftGraphKeyValuePair- []>]: A set of string key and string value pairs to be sent to the affected users, unalterned by this service
  • [Name <String>]: Name for this key-value pair
  • [Value <String>]: Value for this key-value pair
• [DeployedAppCount <Int32?>]: Count of apps to which the current policy is deployed.
• [DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]: The ManagedAppEntity is the base entity type for all other entity types under app management workflow.
  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [ConfigurationDeployedUserCount <Int32?>]: Not yet documented
  • [ConfigurationDeploymentSummaryPerApp <IMicrosoftGraphManagedAppPolicyDeploymentSummaryPerApp- []>]: Not yet documented
    • [ConfigurationAppliedUserCount <Int32?>]: Number of users the policy is applied.
    • [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
  • [DisplayName <String>]: Not yet documented
  • [LastRefreshTime <DateTime?>]: Not yet documented
  • [Version <String>]: Version of the entity.
• [DisableAppEncryptionIfDeviceEncryptionIsEnabled <Boolean?>]: When this setting is enabled, app level encryption is disabled if device level encryption is enabled. (Android only)
• [EncryptAppData <Boolean?>]: Indicates whether managed-app data should be encrypted. (Android only)
• [FaceIdBlocked <Boolean?>]: Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True. (iOS Only)
• [MinimumRequiredPatchVersion <String>]: Define the oldest required Android security patch level a user can have to gain secure access to the app. (Android only)
• [MinimumRequiredSdkVersion <String>]: Versions less than the specified version will block the managed app from accessing company data. (iOS Only)
• [MinimumWarningPatchVersion <String>]: Define the oldest recommended Android security patch level a user can have for secure access to the app. (Android only)
• [ScreenCaptureBlocked <Boolean?>]: Indicates whether screen capture is blocked. (Android only)

CUSTOMSETTINGS <IMicrosoftGraphKeyValuePair- []>: A set of string key and string value pairs to be sent to the affected users, unalterned by this service

• [Name <String>]: Name for this key-value pair
• [Value <String>]: Value for this key-value pair

DEPLOYMENTSUMMARY <IMicrosoftGraphManagedAppPolicyDeploymentSummary>: The ManagedAppEntity is the base entity type for all other entity types under app management workflow.

• [(Any) <Object>]: This indicates any property can be added to this object.
• [Id <String>]: The unique identifier for an entity. Read-only.
• [ConfigurationDeployedUserCount <Int32?>]: Not yet documented
• [ConfigurationDeploymentSummaryPerApp <IMicrosoftGraphManagedAppPolicyDeploymentSummaryPerApp- []>]: Not yet documented
  • [ConfigurationAppliedUserCount <Int32?>]: Number of users the policy is applied.
  • [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
    • [(Any) <Object>]: This indicates any property can be added to this object.
• [DisplayName <String>]: Not yet documented
• [LastRefreshTime <DateTime?>]: Not yet documented
• [Version <String>]: Version of the entity.

INPUTOBJECT <IDevicesCorporateManagementIdentity>: Identity Parameter

• [AndroidManagedAppProtectionId <String>]: The unique identifier of androidManagedAppProtection
• [DefaultManagedAppProtectionId <String>]: The unique identifier of defaultManagedAppProtection
• [DeviceCompliancePolicyStateId <String>]: The unique identifier of deviceCompliancePolicyState
• [DeviceConfigurationStateId <String>]: The unique identifier of deviceConfigurationState
• [DeviceInstallStateId <String>]: The unique identifier of deviceInstallState
• [DeviceLogCollectionResponseId <String>]: The unique identifier of deviceLogCollectionResponse
• [DeviceManagementTroubleshootingEventId <String>]: The unique identifier of deviceManagementTroubleshootingEvent
• [IosManagedAppProtectionId <String>]: The unique identifier of iosManagedAppProtection
• [ManagedAppOperationId <String>]: The unique identifier of managedAppOperation
• [ManagedAppPolicyId <String>]: The unique identifier of managedAppPolicy
• [ManagedAppRegistrationId <String>]: The unique identifier of managedAppRegistration
• [ManagedAppStatusId <String>]: The unique identifier of managedAppStatus
• [ManagedDeviceId <String>]: The unique identifier of managedDevice
• [ManagedDeviceMobileAppConfigurationAssignmentId <String>]: The unique identifier of managedDeviceMobileAppConfigurationAssignment
• [ManagedDeviceMobileAppConfigurationDeviceStatusId <String>]: The unique identifier of managedDeviceMobileAppConfigurationDeviceStatus
• [ManagedDeviceMobileAppConfigurationId <String>]: The unique identifier of managedDeviceMobileAppConfiguration
• [ManagedDeviceMobileAppConfigurationUserStatusId <String>]: The unique identifier of managedDeviceMobileAppConfigurationUserStatus
• [ManagedEBookAssignmentId <String>]: The unique identifier of managedEBookAssignment
• [ManagedEBookId <String>]: The unique identifier of managedEBook
• [ManagedMobileAppId <String>]: The unique identifier of managedMobileApp
• [MdmWindowsInformationProtectionPolicyId <String>]: The unique identifier of mdmWindowsInformationProtectionPolicy
• [MobileAppAssignmentId <String>]: The unique identifier of mobileAppAssignment
• [MobileAppCategoryId <String>]: The unique identifier of mobileAppCategory
• [MobileAppContentFileId <String>]: The unique identifier of mobileAppContentFile
• [MobileAppContentId <String>]: The unique identifier of mobileAppContent
• [MobileAppId <String>]: The unique identifier of mobileApp
• [MobileContainedAppId <String>]: The unique identifier of mobileContainedApp
• [TargetedManagedAppConfigurationId <String>]: The unique identifier of targetedManagedAppConfiguration
• [TargetedManagedAppPolicyAssignmentId <String>]: The unique identifier of targetedManagedAppPolicyAssignment
• [UserId <String>]: The unique identifier of user
• [UserInstallStateSummaryId <String>]: The unique identifier of userInstallStateSummary
• [VppTokenId <String>]: The unique identifier of vppToken
• [WindowsDeviceMalwareStateId <String>]: The unique identifier of windowsDeviceMalwareState
• [WindowsInformationProtectionAppLockerFileId <String>]: The unique identifier of windowsInformationProtectionAppLockerFile
• [WindowsInformationProtectionPolicyId <String>]: The unique identifier of windowsInformationProtectionPolicy

Related Links

• https://learn.microsoft.com/powershell/module/microsoft.graph.devices.corporatemanagement/update-mgdeviceappmanagementdefaultmanagedappprotection
• https://learn.microsoft.com/graph/api/intune-mam-defaultmanagedappprotection-update?view=graph-rest-1.0