Skip Navigation

Common:
Microsoft Intune
app protection profile settings

These settings correspond to
Intune
app protection policy settings. If you want more information about a setting, see the Microsoft Intune documentation.
Intune
app protection profile setting
Description
Interoperability
Enable interoperability between
Intune
and Dynamics apps
This setting specifies whether
BlackBerry Dynamics
apps can interact with
Intune
-managed apps, such as
Microsoft 365
apps, on the device.
To allow interoperability between
BlackBerry Dynamics
apps and
Intune
-managed apps,
BlackBerry BRIDGE
must be installed on users' devices.
Custom JSON
Edit the JSON values to customize messages and warnings seen by your users in the
BlackBerry BRIDGE
app.
Data relocation
Allow app to transfer data to other apps
This setting specifies the apps
Intune
-managed apps can send data to.
The "Policy managed apps" option allows data to be transferred only to other apps that are managed by
Intune
.
If the "Enable interoperability between
Intune
and Dynamics apps" setting is selected, you can't change this setting from the default option.
Allow app to receive data from other apps
This setting specifies the apps that apps managed by the app protection policy can receive data from.
The "Policy managed apps" option allows data to be transferred only from other apps that are managed by
Intune
.
If the "Enable interoperability between
Intune
and Dynamics apps" setting is selected, you can't change this setting from the default option.
Prevent "Save as"
This setting specifies whether the "Save As" option is enabled for apps.
If you select this setting in an on-premises environment, you can allow using the "Save As" option to save work data only to one or more of the following locations:
  • Local storage
  • OneDrive for Business
  • SharePoint
Restrict cut, copy, and paste with other apps
This setting specifies how cut, copy, and paste operations can be used with the app.
  • Blocked: This option prevents cut, copy, and paste operations between this app and other apps.
  • Policy managed apps: This option allows cut, copy, and paste operations between the app and other apps that are managed by
    Intune
    .
  • Policy managed apps with paste in: This option allows pasting data from any app, but data cut or copied from a policy-managed app can be pasted only to other apps that are managed by
    Intune
    .
  • Any app: This option allows cut, copy, and paste operations between all apps on the device.
Disable contact sync
This setting specifies whether the app can save contacts to the native Contacts app on the device.
Disable printing
This setting specifies whether the app can print data.
Inclusion group
This setting specifies whether the policy is deployed to inclusion groups.
Access
Require corporate credentials for access
This setting specifies whether users must use their organization credentials to access the app.
If this rule is selected, it takes precedence over requirements for a PIN or fingerprint.
Block managed apps from running on jailbroken or rooted devices
This setting specifies whether apps can run on jailbroken or rooted devices.
Recheck access requirements timeout period
This setting specifies, in minutes, how often the access requirements for the app are rechecked when the app is open.
Offline grace period
This setting specifies, in minutes, how often the access requirements for the app are rechecked when the device is offline.
Offline interval before app data is wiped
This setting specifies, in days, how long a device can be offline before app data is wiped from the device.
Require PIN for access
This setting specifies whether users must enter a PIN to access the app. If this option is selected, the user is prompted to provide a PIN the first time they run the app.
If the "Require corporate credentials for access" setting is selected, it takes precedence over this rule.
Number of attempts before PIN reset
This setting specifies the number of PIN entry attempts that can be made before the user must reset the PIN.
Allow simple PIN
This setting specifies whether users can use simple PIN sequences such as 1234 or 1111.
PIN length
This setting specifies the minimum number of digits in the PIN.
Allow fingerprint instead of PIN
This setting specifies whether users can use a fingerprint instead of a PIN to access the app.
Disable app PIN when device PIN is managed
This setting specifies whether the app prompts for the PIN when the device is required to have a password.
If this setting is selected, the app PIN is not requested on
Android
devices if the
UEM
IT policy for the device requires a password. To disable the app PIN on
iOS
devices, the device PIN must be required by
Intune
.
PIN character set
This setting specifies the types of characters the PIN must contain.
  • Numeric: The PIN must contain only numbers.
  • Alphanumeric and symbols: The PIN must contain letters, numbers, and symbols.
PIN reset
This setting specifies the number of days before the user must reset their PIN. The default setting is 90 days.