Create a Microsoft Intune app protection profile
Microsoft Intune
app protection profileWhen you create or update a
Microsoft Intune
app protection profile in BlackBerry UEM
, the profile settings are sent to Intune
to update the corresponding app protection policy. Microsoft Intune
app protection profiles can be assigned only to directory-linked groups. You can enable a new policy for iOS
devices to display only the Microsoft Intune
-managed apps that support the document type that users share to Microsoft Intune
apps. In this release, this feature must be enabled in the Microsoft Entra ID
portal. In an upcoming release of BlackBerry UEM
, administrators will be able to enable this feature in the BlackBerry UEM
console or in the Microsoft Entra ID
portal.
The
Microsoft Intune
app protection profile settings are sent to Intune
and update the settings in the corresponding app protection policy. In the Entra
portal, you can then enable the 'Send org data to other apps' policy to display only the Microsoft Intune
-managed apps that support the document type that iOS
users share to Intune
managed apps. Modifying or deleting any other settings in Entra
can prevent other users from activating BlackBerry Bridge
. For more information about
Microsoft Intune
app protection profile settings, see Create a Microsoft Intune app protection profile. If you configure the Microsoft Intune
app protection profile to Prevent Save as and allow users to save files to a Local storage, users receive the error message "Action Not Allowed. Your organization only allows you to open work or school data in this app" when they try to send a file from the device to a not secure local storage. Files must be opened from a corporate location (for example, a secured local storage, Microsoft OneDrive for Business
or Microsoft
SharePoint
).- Make sure that you configureBlackBerry UEMto synchronize withMicrosoft Intune. TheMicrosoft Intuneapp protection profile does not appear on the Policies and Profiles page if the connection isn't configured.
- ForAndroiddevices, make sure theMicrosoftCompany Portal app is installed on devices but not activated. For more information, see app-protection-enabled-apps-android.
- On the menu bar, clickPolicies and Profiles.
- ClickProtection > Microsoft Intune app protection profile.
- Click .
- Type a name and description for the profile.
- Select theEnable interoperability between Intune and Dynamics appscheckbox.When you enable this feature, the following policy settings are set to Policy Managed apps only and cannot be changed for security reasons such as enforcing data to remain within the intune protected secure environment:
- Allow app to transfer data to other apps
- Allow app to receive data from other apps
- Optionally, in the custom JSON field, edit the JSON values if you want to customize messages and warning seen by your users in theBridgeapp.
- Select thePrevent Save ascheckbox and select one or more of the following options to prevent users from sharing saved files to the following locations:
- Local storage: Allows users to save a copy of the file in theIntune-managed app.
- OneDrive for Business
- SharePoint
If you want users to share files fromMicrosoft Teams, you must clear thePrevent Save ascheckbox. - Add the required App packages for devices in your organization.
- Beside the App package IDs, click .
- Select the appropriate App package IDs.
- ForMicrosoft Office
- OniOSdevices, select com.microsoft.officemobile
- OnAndroiddevices, select com.microsoft.office.officehubrow
- ForMicrosoft Excel, select com.microsoft.office.excel
- ForMicrosoft PowerPoint, select com.microsoft.office.powerpoint
- ForMicrosoft Word, select com.microsoft.office.word
- ForSkype for Business, select com.microsoft.skype.teams
- ForMicrosoft OneNote, select com.microsoft.onenote
- ForMicrosoft Viva Engage
- OniOSdevices, select wefwef
- OnAndroiddevices, select com.yammer.v1
- Select the following apps:
- ForMicrosoft Office
- OniOSdevices, select com.microsoft.officemobile
- OnAndroiddevices, select com.microsoft.office.officehubrow
- ForMicrosoft Excel, select com.microsoft.office.excel
- ForMicrosoft PowerPoint, select com.microsoft.office.powerpoint
- ForMicrosoft Word, select com.microsoft.office.word
- ForSkype for Business, select com.microsoft.skype.teams
- ForMicrosoft OneNote, select com.microsoft.onenote
- ForMicrosoft Viva Engage
- OniOSdevices, select wefwef
- OnAndroiddevices, select com.yammer.v1
- ClickSave.
- ClickAdd.
- Optionally foriOSdevices, configure the corresponding app protection policy in theEntraportal to display only theIntune-managed apps that support the document type that is shared toIntune-managed apps.If you modify the corresponding app protection policy in theEntraportal, subsequent updates must be completed in the portal. Do not modify other settings in the policy, or it might prevent otheriOSusers from activatingBlackBerry Bridge.
- Sign in to theMicrosoftEndpoint Manager admin center portal at https://endpoint.microsoft.com/.
- In the left column, clickApps.
- In thePolicysection, clickApp protection policies.
- Search for and open the policy that was created inBlackBerry UEMand synchronized toEntra.
- UnderManage, clickProperties.
- In theData protectionsection, clickEdit.
- In theSend org data to other appsdrop-down list, selectPolicy managed apps with Open-In/Share filtering.
- ClickReview + save.
- ClickSave.