Create a Microsoft Intune app protection profile Skip Navigation

Create a
Microsoft Intune
app protection profile

When you create or update a
Microsoft Intune
app protection profile in
BlackBerry UEM
, the profile settings are sent to
Intune
to update the corresponding app protection policy.
Microsoft Intune
app protection profiles can be assigned only to directory-linked groups. You can enable a new policy for
iOS
devices to display only the
Microsoft Intune
-managed apps that support the document type that users share to
Microsoft Intune
apps. In this release, this feature must be enabled in the
Microsoft Entra ID
portal. In an upcoming release of
BlackBerry UEM
, administrators will be able to enable this feature in the
BlackBerry UEM
console or in the
Microsoft Entra ID
portal.
The
Microsoft Intune
app protection profile settings are sent to
Intune
and update the settings in the corresponding app protection policy. In the
Entra
portal, you can then enable the 'Send org data to other apps'  policy to display only the
Microsoft Intune
-managed apps that support the document type that
iOS
users share to
Intune
managed apps. Modifying or deleting any other settings in
Entra
can prevent other users from activating
BlackBerry Bridge
.
For more information about
Microsoft Intune
app protection profile settings, see Create a Microsoft Intune app protection profile. If you configure the
Microsoft Intune
app protection profile to Prevent Save as and allow users to save files to a Local storage, users receive the error message "Action Not Allowed. Your organization only allows you to open work or school data in this app" when they try to send a file from the device to a not secure local storage. Files must be opened from a corporate location (for example, a secured local storage,
Microsoft OneDrive for Business
or
Microsoft SharePoint
).
  1. On the menu bar, click
    Policies and Profiles
    .
  2. Click
    Protection > Microsoft Intune app protection profile
    .
  3. Click The Add icon.
  4. Type a name and description for the profile.
  5. Select the
    Enable interoperability between Intune and Dynamics apps
    checkbox.
    When you enable this feature, the following policy settings are set to Policy Managed apps only and cannot be changed for security reasons such as enforcing data to remain within the intune protected secure environment:
    • Allow app to transfer data to other apps
    • Allow app to receive data from other apps
  6. Optionally, in the custom JSON field, edit the JSON values if you want to customize messages and warning seen by your users in the
    Bridge
    app.
  7. Select the
    Prevent Save as
    checkbox and select one or more of the following options to prevent users from sharing saved files to the following locations:
    • Local storage: Allows users to save a copy of the file in the
      Intune
      -managed app.
    • OneDrive for Business
    • SharePoint
    If you want users to share files from
    Microsoft Teams
    , you must clear the
    Prevent Save as
    checkbox. 
  8. Add the required App packages for devices in your organization.
    1. Beside the App package IDs, click The Add icon.
    2. Select the appropriate App package IDs.
      • For
        Microsoft Office
        • On
          iOS
          devices, select com.microsoft.officemobile
        • On
          Android
          devices, select com.microsoft.office.officehubrow
      • For
        Microsoft Excel
        , select com.microsoft.office.excel
      • For
        Microsoft PowerPoint
        , select com.microsoft.office.powerpoint
      • For
        Microsoft Word
        , select com.microsoft.office.word
      • For
        Skype for Business
        , select com.microsoft.skype.teams
      • For
        Microsoft OneNote
        , select com.microsoft.onenote
      • For
        Microsoft Viva Engage
        • On
          iOS
          devices, select wefwef
        • On
          Android
          devices, select com.yammer.v1
  9. Select the following apps:
    • For
      Microsoft Office
      • On
        iOS
        devices, select com.microsoft.officemobile
      • On
        Android
        devices, select com.microsoft.office.officehubrow
    • For
      Microsoft Excel
      , select com.microsoft.office.excel
    • For
      Microsoft PowerPoint
      , select com.microsoft.office.powerpoint
    • For
      Microsoft Word
      , select com.microsoft.office.word
    • For
      Skype for Business
      , select com.microsoft.skype.teams
    • For
      Microsoft OneNote
      , select com.microsoft.onenote
    • For
      Microsoft Viva Engage
      • On
        iOS
        devices, select wefwef
      • On
        Android
        devices, select com.yammer.v1
  10. Click
    Save
    .
  11. Click
    Add
    .
  12. Optionally for
    iOS
    devices, configure the corresponding app protection policy in the
    Entra
    portal to display only the
    Intune
    -managed apps that support the document type that is shared to
    Intune
    -managed apps.
    If you modify the corresponding app protection policy in the
    Entra
    portal, subsequent updates must be completed in the portal. Do not modify other settings in the policy, or it might prevent other
    iOS
    users from activating
    BlackBerry Bridge
    .
    1. Sign in to the
      Microsoft
      Endpoint Manager admin center portal at https://endpoint.microsoft.com/.
    2. In the left column, click
      Apps
      .
    3. In the
      Policy
      section, click
      App protection policies
      .
    4. Search for and open the policy that was created in
      BlackBerry UEM
      and synchronized to
      Entra
      .
    5. Under
      Manage
      , click
      Properties
      .
    6. In the
      Data protection
      section, click
      Edit
      .
    7. In the
      Send org data to other apps
      drop-down list, select
      Policy managed apps with Open-In/Share filtering
      .
    8. Click
      Review + save
      .
    9. Click
      Save
      .