Update-MgDeviceAppManagementDefaultManagedAppProtection

Update the properties of a defaultManagedAppProtection object.

Note

To view the beta release of this cmdlet, view Update-MgBetaDeviceAppManagementDefaultManagedAppProtection

Syntax

Update-MgDeviceAppManagementDefaultManagedAppProtection
      -DefaultManagedAppProtectionId <String>
      [-ResponseHeadersVariable <String>]
      [-AdditionalProperties <Hashtable>]
      [-AllowedDataStorageLocations <ManagedAppDataStorageLocation[]>]
      [-AllowedInboundDataTransferSources <ManagedAppDataTransferLevel>]
      [-AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel>]
      [-AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel>]
      [-AppDataEncryptionType <ManagedAppDataEncryptionType>]
      [-Apps <IMicrosoftGraphManagedMobileApp[]>]
      [-ContactSyncBlocked]
      [-CreatedDateTime <DateTime>]
      [-CustomSettings <IMicrosoftGraphKeyValuePair[]>]
      [-DataBackupBlocked]
      [-DeployedAppCount <Int32>]
      [-DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]
      [-Description <String>]
      [-DeviceComplianceRequired]
      [-DisableAppEncryptionIfDeviceEncryptionIsEnabled]
      [-DisableAppPinIfDevicePinIsSet]
      [-DisplayName <String>]
      [-EncryptAppData]
      [-FaceIdBlocked]
      [-FingerprintBlocked]
      [-Id <String>]
      [-LastModifiedDateTime <DateTime>]
      [-ManagedBrowser <ManagedBrowserType>]
      [-ManagedBrowserToOpenLinksRequired]
      [-MaximumPinRetries <Int32>]
      [-MinimumPinLength <Int32>]
      [-MinimumRequiredAppVersion <String>]
      [-MinimumRequiredOSVersion <String>]
      [-MinimumRequiredPatchVersion <String>]
      [-MinimumRequiredSdkVersion <String>]
      [-MinimumWarningAppVersion <String>]
      [-MinimumWarningOSVersion <String>]
      [-MinimumWarningPatchVersion <String>]
      [-OrganizationalCredentialsRequired]
      [-PeriodBeforePinReset <TimeSpan>]
      [-PeriodOfflineBeforeAccessCheck <TimeSpan>]
      [-PeriodOfflineBeforeWipeIsEnforced <TimeSpan>]
      [-PeriodOnlineBeforeAccessCheck <TimeSpan>]
      [-PinCharacterSet <ManagedAppPinCharacterSet>]
      [-PinRequired]
      [-PrintBlocked]
      [-SaveAsBlocked]
      [-ScreenCaptureBlocked]
      [-SimplePinBlocked]
      [-Version <String>]
      [-Headers <IDictionary>]
      [-ProgressAction <ActionPreference>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-MgDeviceAppManagementDefaultManagedAppProtection
      -DefaultManagedAppProtectionId <String>
      -BodyParameter <IMicrosoftGraphDefaultManagedAppProtection>
      [-ResponseHeadersVariable <String>]
      [-Headers <IDictionary>]
      [-ProgressAction <ActionPreference>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-MgDeviceAppManagementDefaultManagedAppProtection
      -InputObject <IDevicesCorporateManagementIdentity>
      [-ResponseHeadersVariable <String>]
      [-AdditionalProperties <Hashtable>]
      [-AllowedDataStorageLocations <ManagedAppDataStorageLocation[]>]
      [-AllowedInboundDataTransferSources <ManagedAppDataTransferLevel>]
      [-AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel>]
      [-AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel>]
      [-AppDataEncryptionType <ManagedAppDataEncryptionType>]
      [-Apps <IMicrosoftGraphManagedMobileApp[]>]
      [-ContactSyncBlocked]
      [-CreatedDateTime <DateTime>]
      [-CustomSettings <IMicrosoftGraphKeyValuePair[]>]
      [-DataBackupBlocked]
      [-DeployedAppCount <Int32>]
      [-DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]
      [-Description <String>]
      [-DeviceComplianceRequired]
      [-DisableAppEncryptionIfDeviceEncryptionIsEnabled]
      [-DisableAppPinIfDevicePinIsSet]
      [-DisplayName <String>]
      [-EncryptAppData]
      [-FaceIdBlocked]
      [-FingerprintBlocked]
      [-Id <String>]
      [-LastModifiedDateTime <DateTime>]
      [-ManagedBrowser <ManagedBrowserType>]
      [-ManagedBrowserToOpenLinksRequired]
      [-MaximumPinRetries <Int32>]
      [-MinimumPinLength <Int32>]
      [-MinimumRequiredAppVersion <String>]
      [-MinimumRequiredOSVersion <String>]
      [-MinimumRequiredPatchVersion <String>]
      [-MinimumRequiredSdkVersion <String>]
      [-MinimumWarningAppVersion <String>]
      [-MinimumWarningOSVersion <String>]
      [-MinimumWarningPatchVersion <String>]
      [-OrganizationalCredentialsRequired]
      [-PeriodBeforePinReset <TimeSpan>]
      [-PeriodOfflineBeforeAccessCheck <TimeSpan>]
      [-PeriodOfflineBeforeWipeIsEnforced <TimeSpan>]
      [-PeriodOnlineBeforeAccessCheck <TimeSpan>]
      [-PinCharacterSet <ManagedAppPinCharacterSet>]
      [-PinRequired]
      [-PrintBlocked]
      [-SaveAsBlocked]
      [-ScreenCaptureBlocked]
      [-SimplePinBlocked]
      [-Version <String>]
      [-Headers <IDictionary>]
      [-ProgressAction <ActionPreference>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-MgDeviceAppManagementDefaultManagedAppProtection
      -InputObject <IDevicesCorporateManagementIdentity>
      -BodyParameter <IMicrosoftGraphDefaultManagedAppProtection>
      [-ResponseHeadersVariable <String>]
      [-Headers <IDictionary>]
      [-ProgressAction <ActionPreference>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

Update the properties of a defaultManagedAppProtection object.

Examples

Example 1: Code snippet

Import-Module Microsoft.Graph.Devices.CorporateManagement

$params = @{
	"@odata.type" = "#microsoft.graph.defaultManagedAppProtection"
	displayName = "Display Name value"
	description = "Description value"
	version = "Version value"
	periodOfflineBeforeAccessCheck = "-PT17.1357909S"
	periodOnlineBeforeAccessCheck = "PT35.0018757S"
	allowedInboundDataTransferSources = "managedApps"
	allowedOutboundDataTransferDestinations = "managedApps"
	organizationalCredentialsRequired = $true
	allowedOutboundClipboardSharingLevel = "managedAppsWithPasteIn"
	dataBackupBlocked = $true
	deviceComplianceRequired = $true
	managedBrowserToOpenLinksRequired = $true
	saveAsBlocked = $true
	periodOfflineBeforeWipeIsEnforced = "-PT3M22.1587532S"
	pinRequired = $true
	maximumPinRetries = 1
	simplePinBlocked = $true
	minimumPinLength = 0
	pinCharacterSet = "alphanumericAndSymbol"
	periodBeforePinReset = "PT3M29.6631862S"
	allowedDataStorageLocations = @(
	"sharePoint"
)
contactSyncBlocked = $true
printBlocked = $true
fingerprintBlocked = $true
disableAppPinIfDevicePinIsSet = $true
minimumRequiredOsVersion = "Minimum Required Os Version value"
minimumWarningOsVersion = "Minimum Warning Os Version value"
minimumRequiredAppVersion = "Minimum Required App Version value"
minimumWarningAppVersion = "Minimum Warning App Version value"
managedBrowser = "microsoftEdge"
appDataEncryptionType = "afterDeviceRestart"
screenCaptureBlocked = $true
encryptAppData = $true
disableAppEncryptionIfDeviceEncryptionIsEnabled = $true
minimumRequiredSdkVersion = "Minimum Required Sdk Version value"
customSettings = @(
	@{
		"@odata.type" = "microsoft.graph.keyValuePair"
		name = "Name value"
		value = "Value value"
	}
)
deployedAppCount = 0
minimumRequiredPatchVersion = "Minimum Required Patch Version value"
minimumWarningPatchVersion = "Minimum Warning Patch Version value"
faceIdBlocked = $true
}

Update-MgDeviceAppManagementDefaultManagedAppProtection -DefaultManagedAppProtectionId $defaultManagedAppProtectionId -BodyParameter $params

This example shows how to use the Update-MgDeviceAppManagementDefaultManagedAppProtection Cmdlet.

Parameters

-AdditionalProperties

Additional Parameters

Type:Hashtable
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedDataStorageLocations

Data storage locations where a user may store managed data.

Type:ManagedAppDataStorageLocation[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedInboundDataTransferSources

Data can be transferred from/to these classes of apps

Type:ManagedAppDataTransferLevel
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedOutboundClipboardSharingLevel

Represents the level to which the device's clipboard may be shared between apps

Type:ManagedAppClipboardSharingLevel
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedOutboundDataTransferDestinations

Data can be transferred from/to these classes of apps

Type:ManagedAppDataTransferLevel
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppDataEncryptionType

Represents the level to which app data is encrypted for managed apps

Type:ManagedAppDataEncryptionType
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Apps

List of apps to which the policy is deployed. To construct, see NOTES section for APPS properties and create a hash table.

Type:IMicrosoftGraphManagedMobileApp[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-BodyParameter

Policy used to configure detailed management settings for a specified set of apps for all users not targeted by a TargetedManagedAppProtection Policy To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Type:IMicrosoftGraphDefaultManagedAppProtection
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ContactSyncBlocked

Indicates whether contacts can be synced to the user's device.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CreatedDateTime

The date and time the policy was created.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CustomSettings

A set of string key and string value pairs to be sent to the affected users, unalterned by this service To construct, see NOTES section for CUSTOMSETTINGS properties and create a hash table.

Type:IMicrosoftGraphKeyValuePair[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DataBackupBlocked

Indicates whether the backup of a managed app's data is blocked.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultManagedAppProtectionId

The unique identifier of defaultManagedAppProtection

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-DeployedAppCount

Count of apps to which the current policy is deployed.

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DeploymentSummary

The ManagedAppEntity is the base entity type for all other entity types under app management workflow. To construct, see NOTES section for DEPLOYMENTSUMMARY properties and create a hash table.

Type:IMicrosoftGraphManagedAppPolicyDeploymentSummary
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

The policy's description.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DeviceComplianceRequired

Indicates whether device compliance is required.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableAppEncryptionIfDeviceEncryptionIsEnabled

When this setting is enabled, app level encryption is disabled if device level encryption is enabled. (Android only)

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableAppPinIfDevicePinIsSet

Indicates whether use of the app pin is required if the device pin is set.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

Policy display name.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EncryptAppData

Indicates whether managed-app data should be encrypted. (Android only)

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FaceIdBlocked

Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True. (iOS Only)

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FingerprintBlocked

Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Headers

Optional headers that will be added to the request.

Type:IDictionary
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Id

The unique identifier for an entity. Read-only.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Type:IDevicesCorporateManagementIdentity
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-LastModifiedDateTime

Last time the policy was modified.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ManagedBrowser

Type of managed browser

Type:ManagedBrowserType
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ManagedBrowserToOpenLinksRequired

Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android)

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaximumPinRetries

Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumPinLength

Minimum pin length required for an app-level pin if PinRequired is set to True

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumRequiredAppVersion

Versions less than the specified version will block the managed app from accessing company data.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumRequiredOSVersion

Versions less than the specified version will block the managed app from accessing company data.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumRequiredPatchVersion

Define the oldest required Android security patch level a user can have to gain secure access to the app. (Android only)

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumRequiredSdkVersion

Versions less than the specified version will block the managed app from accessing company data. (iOS Only)

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumWarningAppVersion

Versions less than the specified version will result in warning message on the managed app.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumWarningOSVersion

Versions less than the specified version will result in warning message on the managed app from accessing company data.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumWarningPatchVersion

Define the oldest recommended Android security patch level a user can have for secure access to the app. (Android only)

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-OrganizationalCredentialsRequired

Indicates whether organizational credentials are required for app use.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PeriodBeforePinReset

TimePeriod before the all-level pin must be reset if PinRequired is set to True.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PeriodOfflineBeforeAccessCheck

The period after which access is checked when the device is not connected to the internet.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PeriodOfflineBeforeWipeIsEnforced

The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PeriodOnlineBeforeAccessCheck

The period after which access is checked when the device is connected to the internet.

Type:TimeSpan
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PinCharacterSet

Character set which is to be used for a user's app PIN

Type:ManagedAppPinCharacterSet
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PinRequired

Indicates whether an app-level pin is required.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PrintBlocked

Indicates whether printing is allowed from managed apps.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ProgressAction

{{ Fill ProgressAction Description }}

Type:ActionPreference
Aliases:proga
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResponseHeadersVariable

Optional Response Headers Variable.

Type:String
Aliases:RHV
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SaveAsBlocked

Indicates whether users may use the 'Save As' menu item to save a copy of protected files.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ScreenCaptureBlocked

Indicates whether screen capture is blocked. (Android only)

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SimplePinBlocked

Indicates whether simplePin is blocked.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Version

Version of the entity.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.Graph.PowerShell.Models.IDevicesCorporateManagementIdentity

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphDefaultManagedAppProtection

System.Collections.IDictionary

Outputs

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphDefaultManagedAppProtection

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

APPS <IMicrosoftGraphManagedMobileApp- []>: List of apps to which the policy is deployed.

  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
    • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Version <String>]: Version of the entity.

BODYPARAMETER <IMicrosoftGraphDefaultManagedAppProtection>: Policy used to configure detailed management settings for a specified set of apps for all users not targeted by a TargetedManagedAppProtection Policy

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [AllowedDataStorageLocations <ManagedAppDataStorageLocation- []>]: Data storage locations where a user may store managed data.
  • [AllowedInboundDataTransferSources <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps
  • [AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel?>]: Represents the level to which the device's clipboard may be shared between apps
  • [AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps
  • [ContactSyncBlocked <Boolean?>]: Indicates whether contacts can be synced to the user's device.
  • [DataBackupBlocked <Boolean?>]: Indicates whether the backup of a managed app's data is blocked.
  • [DeviceComplianceRequired <Boolean?>]: Indicates whether device compliance is required.
  • [DisableAppPinIfDevicePinIsSet <Boolean?>]: Indicates whether use of the app pin is required if the device pin is set.
  • [FingerprintBlocked <Boolean?>]: Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.
  • [ManagedBrowser <ManagedBrowserType?>]: Type of managed browser
  • [ManagedBrowserToOpenLinksRequired <Boolean?>]: Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android)
  • [MaximumPinRetries <Int32?>]: Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.
  • [MinimumPinLength <Int32?>]: Minimum pin length required for an app-level pin if PinRequired is set to True
  • [MinimumRequiredAppVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
  • [MinimumRequiredOSVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
  • [MinimumWarningAppVersion <String>]: Versions less than the specified version will result in warning message on the managed app.
  • [MinimumWarningOSVersion <String>]: Versions less than the specified version will result in warning message on the managed app from accessing company data.
  • [OrganizationalCredentialsRequired <Boolean?>]: Indicates whether organizational credentials are required for app use.
  • [PeriodBeforePinReset <TimeSpan?>]: TimePeriod before the all-level pin must be reset if PinRequired is set to True.
  • [PeriodOfflineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is not connected to the internet.
  • [PeriodOfflineBeforeWipeIsEnforced <TimeSpan?>]: The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.
  • [PeriodOnlineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is connected to the internet.
  • [PinCharacterSet <ManagedAppPinCharacterSet?>]: Character set which is to be used for a user's app PIN
  • [PinRequired <Boolean?>]: Indicates whether an app-level pin is required.
  • [PrintBlocked <Boolean?>]: Indicates whether printing is allowed from managed apps.
  • [SaveAsBlocked <Boolean?>]: Indicates whether users may use the 'Save As' menu item to save a copy of protected files.
  • [SimplePinBlocked <Boolean?>]: Indicates whether simplePin is blocked.
  • [CreatedDateTime <DateTime?>]: The date and time the policy was created.
  • [Description <String>]: The policy's description.
  • [DisplayName <String>]: Policy display name.
  • [LastModifiedDateTime <DateTime?>]: Last time the policy was modified.
  • [Version <String>]: Version of the entity.
  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [AppDataEncryptionType <ManagedAppDataEncryptionType?>]: Represents the level to which app data is encrypted for managed apps
  • [Apps <IMicrosoftGraphManagedMobileApp- []>]: List of apps to which the policy is deployed.
    • [Id <String>]: The unique identifier for an entity. Read-only.
    • [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
      • [(Any) <Object>]: This indicates any property can be added to this object.
    • [Version <String>]: Version of the entity.
  • [CustomSettings <IMicrosoftGraphKeyValuePair- []>]: A set of string key and string value pairs to be sent to the affected users, unalterned by this service
    • [Name <String>]: Name for this key-value pair
    • [Value <String>]: Value for this key-value pair
  • [DeployedAppCount <Int32?>]: Count of apps to which the current policy is deployed.
  • [DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]: The ManagedAppEntity is the base entity type for all other entity types under app management workflow.
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [Id <String>]: The unique identifier for an entity. Read-only.
    • [ConfigurationDeployedUserCount <Int32?>]: Not yet documented
    • [ConfigurationDeploymentSummaryPerApp <IMicrosoftGraphManagedAppPolicyDeploymentSummaryPerApp- []>]: Not yet documented
      • [ConfigurationAppliedUserCount <Int32?>]: Number of users the policy is applied.
      • [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
    • [DisplayName <String>]: Not yet documented
    • [LastRefreshTime <DateTime?>]: Not yet documented
    • [Version <String>]: Version of the entity.
  • [DisableAppEncryptionIfDeviceEncryptionIsEnabled <Boolean?>]: When this setting is enabled, app level encryption is disabled if device level encryption is enabled. (Android only)
  • [EncryptAppData <Boolean?>]: Indicates whether managed-app data should be encrypted. (Android only)
  • [FaceIdBlocked <Boolean?>]: Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True. (iOS Only)
  • [MinimumRequiredPatchVersion <String>]: Define the oldest required Android security patch level a user can have to gain secure access to the app. (Android only)
  • [MinimumRequiredSdkVersion <String>]: Versions less than the specified version will block the managed app from accessing company data. (iOS Only)
  • [MinimumWarningPatchVersion <String>]: Define the oldest recommended Android security patch level a user can have for secure access to the app. (Android only)
  • [ScreenCaptureBlocked <Boolean?>]: Indicates whether screen capture is blocked. (Android only)

CUSTOMSETTINGS <IMicrosoftGraphKeyValuePair- []>: A set of string key and string value pairs to be sent to the affected users, unalterned by this service

  • [Name <String>]: Name for this key-value pair
  • [Value <String>]: Value for this key-value pair

DEPLOYMENTSUMMARY <IMicrosoftGraphManagedAppPolicyDeploymentSummary>: The ManagedAppEntity is the base entity type for all other entity types under app management workflow.

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [ConfigurationDeployedUserCount <Int32?>]: Not yet documented
  • [ConfigurationDeploymentSummaryPerApp <IMicrosoftGraphManagedAppPolicyDeploymentSummaryPerApp- []>]: Not yet documented
    • [ConfigurationAppliedUserCount <Int32?>]: Number of users the policy is applied.
    • [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
      • [(Any) <Object>]: This indicates any property can be added to this object.
  • [DisplayName <String>]: Not yet documented
  • [LastRefreshTime <DateTime?>]: Not yet documented
  • [Version <String>]: Version of the entity.

INPUTOBJECT <IDevicesCorporateManagementIdentity>: Identity Parameter

  • [AndroidManagedAppProtectionId <String>]: The unique identifier of androidManagedAppProtection
  • [DefaultManagedAppProtectionId <String>]: The unique identifier of defaultManagedAppProtection
  • [DeviceCompliancePolicyStateId <String>]: The unique identifier of deviceCompliancePolicyState
  • [DeviceConfigurationStateId <String>]: The unique identifier of deviceConfigurationState
  • [DeviceInstallStateId <String>]: The unique identifier of deviceInstallState
  • [DeviceLogCollectionResponseId <String>]: The unique identifier of deviceLogCollectionResponse
  • [DeviceManagementTroubleshootingEventId <String>]: The unique identifier of deviceManagementTroubleshootingEvent
  • [IosManagedAppProtectionId <String>]: The unique identifier of iosManagedAppProtection
  • [ManagedAppOperationId <String>]: The unique identifier of managedAppOperation
  • [ManagedAppPolicyId <String>]: The unique identifier of managedAppPolicy
  • [ManagedAppRegistrationId <String>]: The unique identifier of managedAppRegistration
  • [ManagedAppStatusId <String>]: The unique identifier of managedAppStatus
  • [ManagedDeviceId <String>]: The unique identifier of managedDevice
  • [ManagedDeviceMobileAppConfigurationAssignmentId <String>]: The unique identifier of managedDeviceMobileAppConfigurationAssignment
  • [ManagedDeviceMobileAppConfigurationDeviceStatusId <String>]: The unique identifier of managedDeviceMobileAppConfigurationDeviceStatus
  • [ManagedDeviceMobileAppConfigurationId <String>]: The unique identifier of managedDeviceMobileAppConfiguration
  • [ManagedDeviceMobileAppConfigurationUserStatusId <String>]: The unique identifier of managedDeviceMobileAppConfigurationUserStatus
  • [ManagedEBookAssignmentId <String>]: The unique identifier of managedEBookAssignment
  • [ManagedEBookId <String>]: The unique identifier of managedEBook
  • [ManagedMobileAppId <String>]: The unique identifier of managedMobileApp
  • [MdmWindowsInformationProtectionPolicyId <String>]: The unique identifier of mdmWindowsInformationProtectionPolicy
  • [MobileAppAssignmentId <String>]: The unique identifier of mobileAppAssignment
  • [MobileAppCategoryId <String>]: The unique identifier of mobileAppCategory
  • [MobileAppContentFileId <String>]: The unique identifier of mobileAppContentFile
  • [MobileAppContentId <String>]: The unique identifier of mobileAppContent
  • [MobileAppId <String>]: The unique identifier of mobileApp
  • [MobileContainedAppId <String>]: The unique identifier of mobileContainedApp
  • [TargetedManagedAppConfigurationId <String>]: The unique identifier of targetedManagedAppConfiguration
  • [TargetedManagedAppPolicyAssignmentId <String>]: The unique identifier of targetedManagedAppPolicyAssignment
  • [UserId <String>]: The unique identifier of user
  • [UserInstallStateSummaryId <String>]: The unique identifier of userInstallStateSummary
  • [VppTokenId <String>]: The unique identifier of vppToken
  • [WindowsDeviceMalwareStateId <String>]: The unique identifier of windowsDeviceMalwareState
  • [WindowsInformationProtectionAppLockerFileId <String>]: The unique identifier of windowsInformationProtectionAppLockerFile
  • [WindowsInformationProtectionPolicyId <String>]: The unique identifier of windowsInformationProtectionPolicy

https://learn.microsoft.com/powershell/module/microsoft.graph.devices.corporatemanagement/update-mgdeviceappmanagementdefaultmanagedappprotection

https://learn.microsoft.com/graph/api/intune-mam-defaultmanagedappprotection-update?view=graph-rest-1.0