Forum Discussion
Blocking apps for specific users on a device via intune
Hi all,
I would like to have 2 accounts ie exam1 and exam2
Exam 1 will allow office apps to be opened where as exam 2 wont allow office apps to open.
Is this possible for a device? And via intune ? our devices are cloud only.
Please help!
Hi Both Rudy_Ooms_MVP Deleted
My apologies, this is specifically for Windows devices. I've successfully implemented a solution by configuring user policies for each exam user (Exam 1 and 2).
The policy involves a list of allowed applications (User), with each exam having its own set of allowed applications. For example, in Exam 1, I allow winword.exe, and in Exam 2, I allow chrome.exe. To ensure exclusivity, I then exclude each application from the policy.
This approach has proven effective!
3 Replies
- Hi,
Could you tell us first on what kind of devices you want to accomplish this? I assume windows devices? In the old school ad, we could define an applocker policy based on groups. Doing this with applocker with Intune is going to be difficult (i have heard someone doing this by creating local groups and adding the azuread users in to it ) makes me wonder if i could do it... let me see what i can come up with next weekHi Both Rudy_Ooms_MVP Deleted
My apologies, this is specifically for Windows devices. I've successfully implemented a solution by configuring user policies for each exam user (Exam 1 and 2).
The policy involves a list of allowed applications (User), with each exam having its own set of allowed applications. For example, in Exam 1, I allow winword.exe, and in Exam 2, I allow chrome.exe. To ensure exclusivity, I then exclude each application from the policy.
This approach has proven effective!
Hello ABill1
Welcome to the Microsoft community, my name is Recep I'll be happy to help you today.
Create App Protection Policies:
- Login to Microsoft Endpoint Manager:
- Navigate to the Microsoft Endpoint Manager admin center: https://endpoint.microsoft.com/.
- Navigate to App protection policies:
- In the Microsoft Endpoint Manager admin center, go to "Apps" > "App protection policies".
- Create a new policy:
- Click on "Create policy" to start creating a new app protection policy.
- Configure the policy for Exam1:
- Name the policy (e.g., "Exam1 Policy").
- In the "Target to apps" section, select the Office apps you want to allow (e.g., Word, Excel, PowerPoint).
- Configure other settings as needed.
- Configure the policy for Exam2:
- Create another policy (e.g., "Exam2 Policy").
- In the "Target to apps" section, do not select any Office apps or set restrictions as needed.
Assign Policies to Users:
- Assign Exam1 Policy:
- Navigate to the "Assignments" section of the Exam1 Policy.
- Assign the policy to the users or groups that should have access to Office apps (e.g., assign it to users associated with the exam1 account).
- Assign Exam2 Policy:
- Navigate to the "Assignments" section of the Exam2 Policy.
- Assign the policy to the users or groups that should be restricted from accessing Office apps (e.g., assign it to users associated with the exam2 account).
Ensure Device Enrollment:
Ensure that the devices are enrolled in Intune and that the users are assigned the appropriate policies.
Note:
- Targeting Apps:
- The effectiveness of app protection policies relies on the support of the apps themselves. Microsoft Office apps generally support these policies.
- Device Platform:
- Make sure that the devices are supported for app protection policies. Intune supports various platforms, including Windows, iOS, and Android.
- Testing:
- Before deploying policies in a production environment, thoroughly test them in a controlled environment to ensure they meet your requirements.
If I have answered your question, please mark your post as Solved
If you like my response, please give it a Like
Appreciate your Kudos! Proud to contribute! 🙂
- Login to Microsoft Endpoint Manager:
