I hope you enjoy this video on how to set up App Protection Policies in Microsoft Intune. Let me know in the comments other topics you want me to cover! //Timestamps: 00:00 Intro 02:22 Create an App Protection Policy 09:18 End User Experience for App Protection Policies 12:03 Outro
Hey Harry, your videos are extremely helpful. Just wanted to let you know it is highly appreciated. I think you fill a nice niche in the O365 youtuber space. Great tutorials with minimal technical explanations just to get everyone onboard with the logic is great. Thanks again!
Thanks for well-explained for App protection policies, I just do have a question about copy & paste from protected app such as Outlook email data paste to gmail, what if I'm going to forward the email to gmail account or use CC'd and BCC's. Are the policies still protecting the data leak? - Thank you!
Not sure if you already have covered these in other videos but would like to see you do some content regarding Endpoint Manager / Device config policies & endpoint security.
Great question. I do not have a public video with this video topic, but I will put it on the list! Let me know if there is a specific policy or area of endpoint security you would like me to cover.
Thanks for the videos. Clear and helpful. I have a question and can't find the answer; Do you need apple business manager setup or can you use a personal iTunes account? The documents seem really unclear to me. I feel business manager is a better choice, but need it setup sooner than later, wondered if I can swap afterwards if a personal account is supported. Thanks
Hey Harry, love your delivery on videos, very concise yet comprehensive! I'm curious to know because I've been learning intune, for BYOD I've learned that MAM is the way to go. Is that just app protection policies together with conditional access policies, or is there something more to this? Also, for BYOD Laptops (not my choice), would this also be the same approach? Would auto enrollment of personal devices be discouraged, or would automatic windows enrollment in conjunction with app policies and some light configuration policies be recommended? Perhaps a lot of questions, but it will give me so much clarity!
On ios devices BYOD, how do you keep from screenshots? Keeping from copy-paste works but the user is still able to screenshot. Is there a way to block it? On fully managed without removing the camera, does screenshot still work on managed apps?
Thank Harry, for the amazing content. Please can you explain how you sign in to your iPhone to see the protected Apps? I created an App Protection Policy for Android users and I try using Intune Company Portal from my phone to log in, but I could not see any app. PLEASE KINDLY EXPLAIN THAT PART YOU LOGIN TO YOUR PHONE. THANKS
@@HarryLowtonIT You slowly went into InTune and stepped through each screen of InTune . People just click through them very fast. You took your time and clearly explained each part. Then finally with the user experience to see what the it looks like in practice. So tired of people just talking about the benefits of each resource in azure for 10 minutes and a 90 second tutorial where assume everything is already configured perfectly.
They didn't even put the blog link in the description. We work with Azure gov, so we spent hours on hours trying to find configuration info for our resources.
@@chrismcclure4264 thanks, for taking the time to respond. It was beneficial. I will for sure keep the tutorials coming!
ปีที่แล้ว
Fantastic explanations, I have learned a lot, thank you. One question regarding the security measures: for example you cannot copy text from your corporate apps to your private Gmail. Which is a great feature and makes sense. How about taking screenshots though? Screenshots will be then stored on your device. Is not that a security breach? What is your thought on this? Many thanks
Is it true that for Android it is required to use the Company Portal in order to let this the Protection policy work? If i don't use the Company Portal the app in the apps are just working as usual without policies. Or do I need to configure a CA to only allow corporate apps via CP?
Harry, The way you explained is really pretty. I have tried those policies in a test environment and it’s working perfect. But, in the same device if they use google chrome or any other browser to access the web outlook,then these policies are not working. They are able to copy data to all services. Please give me a solution for this. Also please tell us where can i access all of your in-tune videos from scratch to expert. Expecting reply from you.
Is it possible to sync the O365 GAL to native contacts, when using App Protection Policies, on ios and android.? If not, how would we accomplish being able to sync the GAL to native contacts on ios and android? We also noticed that on Android it does not show the phone number for the contacts, inside the outlook app search. Any advice or recommendations are greatly appreciated.
Hey - you can use the setting Sync policy managed app data with native apps - from intune app protection policy docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-iOS When deploying outlook you can enable save contact docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune#configure-contact-field-sync-to-native-contacts-for-outlook-for-ios-and-android
Is that true that the company that i work in can see my chats in whatsapp and conversations and Safari history and details snapchat and my photos in my Iphone ?
Is it possible in Microsoft Intune to set up this policy that every time a user wants to download, copy, or delete something, the admin has to get the notification and grant the permission?
Hey man, this is the 10th video im watching for app protection policies and not a single one has talked about the unmanaged windows policies and specifically the custom apps section. Would be great if you could cover that in a video.
You make a great point to keep this video short I left out the Windows side. I'm going to put that video idea on the list now :) Thanks for the feedback.
I am struggling with allowing users the ability paste into third party Apps we approve. I thought that adding the app to the exclusion "select apps to exempt" would be the solution but that doesn't seem to work.. not sure if anyone else has experienced this?
Hello, Has anyone here used the Conditional access policy over App protection policy via Intune? If yes why and which one is recommended? Just wanted to understand pros and cons of both and which one would be recommended to keep data safe and secure on users personal mobile devices.
I have been testing the device configuration policies in 3 physical devices. Among the 3 devices, only 1 device seems to be accepting all policies. Two of them is not accepting all the policies. As this is the case I think the issue is device specific. What could be the reason?
Hi Ravish, Happy new year. This is a good question, App wrapping lets you take a LOB application and make it aware of Intune app protection policies to protect your corporate data. So app protection policy is the controls to enforce security on data and app wrapping prepares and application to make use of these policies. I hope that helps! docs.microsoft.com/en-us/mem/intune/developer/apps-prepare-mobile-application-management
Is it possible for an Intune administrator to prevent users from installing applications with a password, so that if a user wants to install an application or software, the administrator must approve or enter the password? Please provide the settings if they are present.
I hope you enjoy this video on how to set up App Protection Policies in Microsoft Intune.
Let me know in the comments other topics you want me to cover!
//Timestamps:
00:00 Intro
02:22 Create an App Protection Policy
09:18 End User Experience for App Protection Policies
12:03 Outro
Best One, wish you deserve more subscription.
@@whitehack8375 thank you!! Glad you enjoyed it. Hopefully my channel will continue to grow. Have a good new year.
Nice to see someone explaining the basics clearly, without going into all kinds of technical stuff.
Great job!
Glad you liked it! Appreciate you watching and commenting.
Just watched 2nd video from intune library,app protection policy is awesome, trying to complete all videos today and tomorrow
Amazing!! Enjoy - great to have you here and supporting the videos.
Hey Harry, your videos are extremely helpful. Just wanted to let you know it is highly appreciated. I think you fill a nice niche in the O365 youtuber space. Great tutorials with minimal technical explanations just to get everyone onboard with the logic is great. Thanks again!
I was confused and you made it clear. Thank you very much.
Glad this video was able to help :)
Easy to understand, great and clear content, thank you!
Thank you, Robert. I'm glad this video was helpful. I also appreciate the feed about it being clear!
Really razor-sharp information and clear explanations and walkthroughs
Thank you Harry for the great video tutorial.
Thanks Kirby - glad it could help!
You're a brilliant tutor. Great stuff!
😊 thank you 🙏🏻
Hi Harry,
A very nice video to learn intune with ease. Would it be possible to have some videos related to troubleshooting.
Thanks for well-explained for App protection policies, I just do have a question about copy & paste from protected app such as Outlook email data paste to gmail, what if I'm going to forward the email to gmail account or use CC'd and BCC's. Are the policies still protecting the data leak? - Thank you!
Not sure if you already have covered these in other videos but would like to see you do some content regarding Endpoint Manager / Device config policies & endpoint security.
Great question. I do not have a public video with this video topic, but I will put it on the list! Let me know if there is a specific policy or area of endpoint security you would like me to cover.
Hi Harry, what is the least privilege role needed to configure policy in app protection?
Thanks for the videos. Clear and helpful. I have a question and can't find the answer; Do you need apple business manager setup or can you use a personal iTunes account? The documents seem really unclear to me. I feel business manager is a better choice, but need it setup sooner than later, wondered if I can swap afterwards if a personal account is supported. Thanks
Hey Harry, love your delivery on videos, very concise yet comprehensive! I'm curious to know because I've been learning intune, for BYOD I've learned that MAM is the way to go. Is that just app protection policies together with conditional access policies, or is there something more to this? Also, for BYOD Laptops (not my choice), would this also be the same approach? Would auto enrollment of personal devices be discouraged, or would automatic windows enrollment in conjunction with app policies and some light configuration policies be recommended? Perhaps a lot of questions, but it will give me so much clarity!
Great tutorial and great explantations, keep it up!
Thanks for the kind words. I certainly will!
On ios devices BYOD, how do you keep from screenshots? Keeping from copy-paste works but the user is still able to screenshot. Is there a way to block it? On fully managed without removing the camera, does screenshot still work on managed apps?
Cool, excellent
Thank you! Cheers!
Thanks for the info... very useful!
You bet! glad it helped.
Thank Harry, for the amazing content. Please can you explain how you sign in to your iPhone to see the protected Apps? I created an App Protection Policy for Android users and I try using Intune Company Portal from my phone to log in, but I could not see any app. PLEASE KINDLY EXPLAIN THAT PART YOU LOGIN TO YOUR PHONE. THANKS
would anyone happen to know how to edit the policy names after creating them? great videos !!
Thank you good sir! excellent video
You are welcome! Thanks for the feedback. I’m glad you enjoyed it. Let me know if there are any other topics you would like me to cover.
Excellent
Thanks Emon! Happy new year.
Harry,
Is the app protection policy user-based or devices base? What happens if a user has two devices? Will the policy only affect 1?
Excellent!!!
Thank you!
Fantastic video. Microsoft could take a couple tips on how to make a good Azure demo video from you. Never stop.
Thanks, Chris!! Appreciate the kind words. Out of interest, what part of my demoing stood out to you? I want to make sure I keep doing what works :)
@@HarryLowtonIT You slowly went into InTune and stepped through each screen of InTune . People just click through them very fast. You took your time and clearly explained each part. Then finally with the user experience to see what the it looks like in practice. So tired of people just talking about the benefits of each resource in azure for 10 minutes and a 90 second tutorial where assume everything is already configured perfectly.
Example of horrible demo: th-cam.com/video/6UDePj5newo/w-d-xo.html
They didn't even put the blog link in the description. We work with Azure gov, so we spent hours on hours trying to find configuration info for our resources.
@@chrismcclure4264 thanks, for taking the time to respond. It was beneficial. I will for sure keep the tutorials coming!
Fantastic explanations, I have learned a lot, thank you. One question regarding the security measures: for example you cannot copy text from your corporate apps to your private Gmail. Which is a great feature and makes sense. How about taking screenshots though? Screenshots will be then stored on your device. Is not that a security breach? What is your thought on this? Many thanks
Is it true that for Android it is required to use the Company Portal in order to let this the Protection policy work? If i don't use the Company Portal the app in the apps are just working as usual without policies. Or do I need to configure a CA to only allow corporate apps via CP?
Harry, The way you explained is really pretty. I have tried those policies in a test environment and it’s working perfect. But, in the same device if they use google chrome or any other browser to access the web outlook,then these policies are not working. They are able to copy data to all services. Please give me a solution for this.
Also please tell us where can i access all of your in-tune videos from scratch to expert.
Expecting reply from you.
As I was watching the video just now, I thought this would be an issue!
Is it possible to sync the O365 GAL to native contacts, when using App Protection Policies, on ios and android.? If not, how would we accomplish being able to sync the GAL to native contacts on ios and android? We also noticed that on Android it does not show the phone number for the contacts, inside the outlook app search. Any advice or recommendations are greatly appreciated.
Hey - you can use the setting Sync policy managed app data with native apps - from intune app protection policy
docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-iOS
When deploying outlook you can enable save contact
docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune
docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune#configure-contact-field-sync-to-native-contacts-for-outlook-for-ios-and-android
What if someone takes a screenshot of the corp. data through teams or outlook? Will this action also be blocked?
Is that true that the company that i work in can see my chats in whatsapp and conversations and Safari history and details snapchat and my photos in my Iphone ?
Question - How does this work if a phone has a screenshot feature? Does the policy also block that?
Is it possible in Microsoft Intune to set up this policy that every time a user wants to download, copy, or delete something, the admin has to get the notification and grant the permission?
Hey man, this is the 10th video im watching for app protection policies and not a single one has talked about the unmanaged windows policies and specifically the custom apps section. Would be great if you could cover that in a video.
You make a great point to keep this video short I left out the Windows side. I'm going to put that video idea on the list now :) Thanks for the feedback.
I am struggling with allowing users the ability paste into third party Apps we approve. I thought that adding the app to the exclusion "select apps to exempt" would be the solution but that doesn't seem to work.. not sure if anyone else has experienced this?
how to force user to sign in to the iOS edge browser mobile app by intune, before allowing them to access any sites
Will APP block screen capture?
what do you use to record your iphone screen?
@@xkorbekx built in recorder in IOS
I cant change target device from all to selected like unmanaged devices
Hello,
Has anyone here used the Conditional access policy over App protection policy via Intune? If yes why and which one is recommended?
Just wanted to understand pros and cons of both and which one would be recommended to keep data safe and secure on users personal mobile devices.
Hi harry ready to learn more about intune
Hi - awesome, glad to have you here. Let me know if there are any topics you are interested in.
@@HarryLowtonIT sure... I'll let you know
@@sahithsahadevan6658 Sound good! have a great week
explain to us : app configuration policy in Microsoft Intune
I have been testing the device configuration policies in 3 physical devices.
Among the 3 devices, only 1 device seems to be accepting all policies.
Two of them is not accepting all the policies. As this is the case I think the issue is device specific. What could be the reason?
Android or iOs?
What is difference between app wrapping and app protection policy
Hi Ravish, Happy new year. This is a good question, App wrapping lets you take a LOB application and make it aware of Intune app protection policies to protect your corporate data. So app protection policy is the controls to enforce security on data and app wrapping prepares and application to make use of these policies. I hope that helps! docs.microsoft.com/en-us/mem/intune/developer/apps-prepare-mobile-application-management
Is it possible for an Intune administrator to prevent users from installing applications with a password, so that if a user wants to install an application or software, the administrator must approve or enter the password? Please provide the settings if they are present.
6:58 bro doesn't understand the 720 minutes block access rule and goes ahead and skip it.