Changes to applications’ backup and restore behavior on iOS/iPadOS and macOS devices

Our goal is to block all managed apps from storing data in iCloud except for MS Authenticator. It is/was not possible to define this on a per-app level. In a device restriction policy the setting Block managed apps from storing data in iCloud is set to Yes

During my test explained below I changed the restriction Block managed apps from storing data in iCloud to Not Configured which enables backing up Authenticator with a personal MS account but ofcourse also enables this for all other apps.

Can someone (Intune_Support_Team ?) please clarify as I'm a bit confused what is and what is not backed up to iCloud in the following setup:

• Corporate iOS devices with MDM & MAM policies applied
• VPP apps deployed to all devices. Either required or available
• App assignment configured with setting Prevent iCloud app backup set to Yes
• In an App Protection policy -> Data Protection ->
  
  • Prevent Backup org data to iTunes and iCloud backups set to Block
  • Save copies or org data set to Block
• In a device restriction policy Block managed apps from storing data in iCloud is set to Not Configured

When I check in Settings -> * Apple ID * -> Apps using iCloud -> all managed apps are enabled (green tick)

When I check in Settings -> * Apple ID * -> *Current iOS Device name* -> iCloud Backup -> All Device backups -> All managed apps show "Backup not Supported"

My question is: with the above setup, does that fully block the apps from storing and/or backing up data in iCloud? Or does this only prevent the "app installation info" from being being backed up? Aka, when restoring from an iCloud backup; does it restore the app with or without data and is that data stored in iCloud?