Intune Customer Success

Support Tip: How to enable Intune app protection policies (APP) with Microsoft Lists

Intune_Support_Team
Jan 27, 2021

Updated 4/28: The Microsoft Lists app is now available as a public app in Intune app protection policy (APP) and on or around May 14, 2021 also supports the Conditional Access (CA) grant access control: “Require app protection policy”.

Several of our customers want to manage the new Microsoft Lists mobile app for iOS. This mobile app helps you track information and organize your work; for more information, see the Tech Community announcement: Get the Microsoft Lists app for iOS (Microsoft 365 Blog).

The Microsoft Lists app for iOS and iPadOS is now available in the Apple App Store. The Lists mobile app supports Intune app protection policies today. For more details on how to target apps with your app protection policy, see: How to create and assign app protection policies.

As communicated in MC252690, on or around May 14, 2021, Microsoft Lists supports the Conditional Access (CA) grant access control “Require approved client app”, like other Microsoft 365 apps such as SharePoint.

If you are using a CA policy that only leverages the “Require approved client app” grant access control, Microsoft Lists will be considered one of the approved apps after this date. You must enable Intune APP with Microsoft Lists to ensure it meets the full data protection needs of your organization. However, we strongly recommend that you update your CA policy to take advantage of the “Require app protection policy” grant access control. For more information on the recommended policy configuration, see Scenario 1 in How to: Require app protection policy and an approved client app for cloud app access with Conditional Access.

If you are not utilizing APP, CA, or either grant access control, then no action is needed.
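To find which of your CA policies fall into the "approved client app only" case described above, the following added example (not part of the original post or any Microsoft tooling) classifies policies from a JSON export. It assumes the export has the shape returned by the Microsoft Graph conditional access policies endpoint; the policy names in the sample are constructed.

```python
import json

# Constructed sample shaped like a Microsoft Graph
# /identity/conditionalAccess/policies response; policy names are made up.
SAMPLE_EXPORT = json.dumps({"value": [
    {"displayName": "Mobile - approved apps only", "state": "enabled",
     "grantControls": {"operator": "OR",
                       "builtInControls": ["approvedApplication"]}},
    {"displayName": "Mobile - approved app or APP", "state": "enabled",
     "grantControls": {"operator": "OR",
                       "builtInControls": ["approvedApplication",
                                           "compliantApplication"]}},
    {"displayName": "Admins - MFA", "state": "enabled",
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Old mobile policy", "state": "disabled",
     "grantControls": {"operator": "OR",
                       "builtInControls": ["approvedApplication"]}},
    {"displayName": "Session controls only", "state": "enabled",
     "grantControls": None},
]})

APPROVED = "approvedApplication"    # "Require approved client app"
PROTECTED = "compliantApplication"  # "Require app protection policy"

def classify(policy):
    """Return which of the post's cases a single CA policy falls into."""
    if policy.get("state") == "disabled":
        return "inactive"
    grant = policy.get("grantControls") or {}   # may be null in an export
    controls = set(grant.get("builtInControls") or [])
    if PROTECTED in controls:
        return "uses-app-protection-control"
    if APPROVED in controls:
        return "approved-client-app-only"
    return "no-action"

def audit(export_json):
    """Map each policy display name to its classification."""
    policies = json.loads(export_json).get("value", [])
    return {p.get("displayName", "<unnamed>"): classify(p) for p in policies}

def needs_review(export_json):
    """Active policies that accept Lists as approved without requiring APP."""
    return sorted(name for name, verdict in audit(export_json).items()
                  if verdict == "approved-client-app-only")

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_EXPORT).items():
        print(f"{verdict:30} {name}")
```

Policies reported by `needs_review` are the ones where Intune APP must be targeted at Lists separately, or where the grant control should be updated as recommended above.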


Note: If you previously used the bundle ID (com.microsoft.splists) to add Lists manually, the bundle ID is hidden and the app is now listed as a selected app within the public apps section of the policy. If you attempt to create a new policy and try to add the bundle ID manually, the MEM admin center will notify you to use the public app instead.

Example screenshot when adding "com.microsoft.splists" to an Intune App protection policy

Let us know if you have any additional questions by commenting on this post below, or by tagging @IntuneSuppTeam on Twitter.

Blog post updates

  • 2/10: The Lists app will be available to target as a first party app coming in the 2103 service release.
  • 3/26: Lists is now available as a public app in Intune APP.
  • 4/28: Lists app now supports the “Require app protection policy” grant access control.
  • 6/10: Lists app now supports “Require approved client app” grant access control.
Updated Dec 19, 2023
Version 18.0

31 Comments

  • csmithscf

    I added the com.microsoft.splists bundle ID to my App Protection Policy (for iOS) last night, right after reading this. As of this morning, ~12 hours later, it's still not working. 

    For me, the Lists app just prompts for username. I provide my UPN, and immediately it switches over to the Microsoft Authenticator app... this is the one that tells me this isn't allowed here.

    Is it possible that the Authenticator app Bundle ID needs to be added too? Or some other reason why this is happening?

    I also checked App \ Monitor at endpoint.microsoft.com and see that the bundle ID is in there, but hasn't checked in. While not shown in the screenshot, I do have 4-5 other trusted Microsoft apps that have all checked in/synced since this, within the last 30 minutes even, but still the Lists app not so much. Is there a way to force this APP Sync process or these apps? I reinstalled Lists and that didn't help.

    I'm game for anything, please let me know where else I should look or what I should try.

    After this I checked in at Azure AD and reviewed my sign-in logs, specific to Conditional Access - we have a policy that applies to all O365 apps (AAD "enterprise apps") such as SharePoint Online, Exchange Online, and all related services including Lists and Planner etc. This policy, for mobile OSes, requires Microsoft trusted apps.

    The grant controls are configured for this CA policy to require approved client apps https://aka.ms/supportedmamapps  -OR- require app protection policies https://aka.ms/supportedmampolicyapps