memdocs/intune/apps/app-protection-framework.md: 5 additions & 5 deletions
@@ -8,7 +8,7 @@ keywords:
8
8
author: Erikre
9
9
ms.author: erikre
10
10
manager: dougeby
11
-
ms.date: 05/04/2022
11
+
ms.date: 06/10/2022
12
12
ms.topic: conceptual
13
13
ms.service: microsoft-intune
14
14
ms.subservice: apps
@@ -57,7 +57,7 @@ Microsoft recommends the following deployment ring approach for the APP data pro
57
57
58
58
As the above table indicates, all changes to the App Protection Policies should be first performed in a pre-production environment to understand the policy setting implications. Once testing is complete, the changes can be moved into production and applied to a subset of production users, generally, the IT department and other applicable groups. And finally, the rollout can be completed to the rest of the mobile user community. Rollout to production may take a longer amount of time depending on the scale of impact regarding the change. If there is no user impact, the change should roll out quickly, whereas, if the change results in user impact, rollout may need to go slower due to the need to communicate changes to the user population.
59
59
60
-
When testing changes to an APP, be aware of the [delivery timing](app-protection-policy-delivery.md). The status of APP delivery for a given user can monitored. For more information, see [How to monitor app protection policies](app-protection-policies-monitor.md).
60
+
When testing changes to an APP, be aware of the [delivery timing](app-protection-policy-delivery.md). The status of APP delivery for a given user can be monitored. For more information, see [How to monitor app protection policies](app-protection-policies-monitor.md).
61
61
62
62
Individual APP settings for each app can be validated on devices using Edge and the URL *about:Intunehelp*. For more information, see [Review client app protection logs](app-protection-policy-settings-log.md) and [Use Edge for iOS and Android to access managed app logs](manage-microsoft-edge.md#use-edge-for-ios-and-android-to-access-managed-app-logs).
63
63
@@ -167,7 +167,7 @@ The policy settings enforced in level 2 include all the policy settings recommen
167
167
| Data Transfer | Send org data to other apps | Policy managed apps | iOS/iPadOS, Android | <p>With iOS/iPadOS, administrators can configure this value to be "Policy managed apps", "Policy managed apps with OS sharing", or "Policy managed apps with Open-In/Share filtering". </p><p>Policy managed apps with OS sharing is available when the device is also enrolled with Intune. This setting allows data transfer to other policy managed apps, as well as file transfers to other apps that have are managed by Intune. </p><p>Policy managed apps with Open-In/Share filtering filters the OS Open-in/Share dialogs to only display policy managed apps. </p><p> For more information, see [iOS app protection policy settings](app-protection-policy-settings-ios.md).</p> |
168
168
| Data Transfer | Select apps to exempt | Default / skype;app-settings;calshow;itms;itmss;itms-apps;itms-appss;itms-services; | iOS/iPadOS ||
169
169
| Data Transfer | Save copies of org data | Block | iOS/iPadOS, Android ||
170
-
| Data Transfer | Allow users to save copies to selected services | OneDrive for Business, SharePoint Online | iOS/iPadOS, Android ||
170
+
| Data Transfer | Allow users to save copies to selected services | OneDrive for Business, SharePoint Online, Photo Library| iOS/iPadOS, Android ||
171
171
| Data Transfer | Transfer telecommunication data to | Any dialer app | iOS/iPadOS, Android ||
172
172
| Data Transfer | Restrict cut, copy, and paste between apps | Policy managed apps with paste in | iOS/iPadOS, Android ||
173
173
| Data Transfer | Screen capture and Google Assistant | Block | Android ||
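Review bot: The changed "Allow users to save copies to selected services" row adds Photo Library as a third exception to the "Save copies of org data: Block" row directly above it, but the notes cell is still empty. Add a short note explaining why Photo Library is an acceptable save target at this level, and confirm the value applies to both platforms listed in the row (iOS/iPadOS, Android). The added line also drops the space before the column separator (`Photo Library| iOS/iPadOS`), unlike the neighbouring rows; restore it as `Photo Library | iOS/iPadOS`.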
@@ -179,7 +179,7 @@ The policy settings enforced in level 2 include all the policy settings recommen
| Device conditions | Min OS version |*Format: Major.Minor.Build <br>Example: 14.8* / Block access | iOS/iPadOS | Microsoft recommends configuring the minimum iOS major version to match the supported iOS versions for Microsoft apps. Microsoft apps support a N-1 approach where N is the current iOS major release version. For minor and build version values, Microsoft recommends ensuring devices are up to date with the respective security updates. See [Apple security updates](https://support.apple.com/en-us/HT201222) for Apple's latest recommendations |
182
+
| Device conditions | Min OS version |*Format: Major.Minor.Build <br>Example: 14.8* / Block access | iOS/iPadOS | Microsoft recommends configuring the minimum iOS major version to match the supported iOS versions for Microsoft apps. Microsoft apps support an N-1 approach where N is the current iOS major release version. For minor and build version values, Microsoft recommends ensuring devices are up to date with the respective security updates. See [Apple security updates](https://support.apple.com/en-us/HT201222) for Apple's latest recommendations |
183
183
| Device conditions | Min OS version |*Format: Major.Minor<br> Example: 9.0* / Block access | Android | Microsoft recommends configuring the minimum Android major version to match the supported Android versions for Microsoft apps. OEMs and devices adhering to Android Enterprise recommended requirements must support the current shipping release + one letter upgrade. Currently, Android recommends Android 9.0 and later for knowledge workers. See [Android Enterprise Recommended requirements](https://www.android.com/enterprise/recommended/requirements/) for Android's latest recommendations |
184
184
| Device conditions | Min patch version |*Format: YYYY-MM-DD <br> Example: 2020-01-01* / Block access | Android | Android devices can receive monthly security patches, but the release is dependent on OEMs and/or carriers. Organizations should ensure that deployed Android devices do receive security updates before implementing this setting. See [Android Security Bulletins](https://source.android.com/security/bulletin/) for the latest patch releases. |
185
185
| Device conditions | Required SafetyNet evaluation type | Hardware-backed key | Android | Hardware backed attestation enhances the existing SafetyNet attestation service check by leveraging a new evaluation type called [Hardware Backed](https://developer.android.com/training/safetynet/attestation#evaluation-types), providing a more robust root detection in response to newer types of rooting tools and methods that cannot always be reliably detected by a software only solution.<p> As its name implies, hardware backed attestation leverages a hardware-based component which shipped with devices installed with Android 8.1 and later. Devices that were upgraded from an older version of Android to Android 8.1 are unlikely to have the hardware-based components necessary for hardware backed attestation. While this setting should be widely supported starting with devices that shipped with Android 8.1, Microsoft strongly recommends testing devices individually before enabling this policy setting broadly.</p> |
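Review bot: The corrected iOS/iPadOS "Min OS version" row still ends its notes cell without a full stop ("for Apple's latest recommendations |"), while the "Min patch version" row below ends with one. Since this line is being touched anyway, add the period, and do the same for the Android "Min OS version" row so the notes column is consistent.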
@@ -199,7 +199,7 @@ The policy settings enforced in level 3 include all the policy settings recommen
199
199
| Data Transfer | Dialer App URL Scheme |*replace_with_dialer_app_url_scheme*| iOS/iPadOS | On iOS/iPadOS, this value must be replaced with the URL scheme for the custom dialer app being used. If the URL scheme is not known, contact the app developer for more information. For more information on URL schemes, see [Defining a Custom URL Scheme for Your App](https://developer.apple.com/documentation/uikit/inter-process_communication/allowing_apps_and_websites_to_link_to_your_content/defining_a_custom_url_scheme_for_your_app).|
200
200
| Data transfer | Receive data from other apps | Policy managed apps | iOS/iPadOS, Android ||
201
201
| Data transfer | Open data into Org documents | Block | iOS/iPadOS, Android ||
202
-
| Data transfer | Allow users to open data from selected services | OneDrive for Business, SharePoint, Camera | iOS/iPadOS, Android | For related information, see [Android app protection policy settings](..\apps\app-protection-policy-settings-android.md) and [iOS app protection policy settings](..\apps\app-protection-policy-settings-ios.md). |
202
+
| Data transfer | Allow users to open data from selected services | OneDrive for Business, SharePoint, Camera, Photo Library| iOS/iPadOS, Android | For related information, see [Android app protection policy settings](..\apps\app-protection-policy-settings-android.md) and [iOS app protection policy settings](..\apps\app-protection-policy-settings-ios.md). |
203
203
| Data transfer | Third-party keyboards | Block | iOS/iPadOS | On iOS/iPadOS, this blocks all third-party keyboards from functioning within the app. |
204
204
| Data transfer | Approved keyboards | Require | Android ||
205
205
| Data transfer | Select keyboards to approve |*add/remove keyboards*| Android | With Android, keyboards must be selected in order to be used based on your deployed Android devices. |
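Review bot: In the changed "Allow users to open data from selected services" row, the notes-cell links use backslash paths (`..\apps\app-protection-policy-settings-android.md`), whereas other links in this file are plain same-directory names such as `app-protection-policy-settings-ios.md`; since the line is edited here, switch both links to that form. The added value also lacks the space before the separator (`Photo Library| iOS/iPadOS`). Because this widens the sources allowed past the "Open data into Org documents: Block" row above, a sentence in the notes cell on why Photo Library is included would help readers applying this level.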