Forum Discussion
LOB apps and "Require approved client app"
Is it true that LOB apps cannot be added to the "Approved Client App" list for cloud app access with Conditional Access "Require approved client app"? So basically, is the following true?
"As for the conflict you were assuming with the Conditional Access policy settings, you are correct. If you do set the "Require approved client app" control under Access Controls > Grant, this requires devices to use an approved client app to access the services. At this moment, LOB apps are not considered so. You can see the current list of approved apps here: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-conditional-access
As you can see in the document, it states "This setting applies to the following iOS and Android apps" and will only work on the apps on this list.
The Intune SDK package will allow the app to be recognized and protected with Intune's App protection policies, but does not consider it an approved app."
- Thijs Lecomte (Bronze Contributor)
Hi
This is correct. You have two options:
- Exclude the app from the CA policy (if possible)
- Use require app protection policy (if the app supports an APP policy)
- KevinWheeler2024 (Brass Contributor)
Thanks for the response. I don't have any of those options in my tenant. Thanks again.
- KevinWheeler2024 (Brass Contributor)
Thijs Lecomte What about this article? See the last 2 features?
- Thijs Lecomte (Bronze Contributor)
That goes together with the option '- Use require app protection policy (if the app supports an APP policy)'
So if the app is app protection policy ready (through SDK or wrapping tool), you could use the conditional access control 'use require app protection policy'
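
The check below is an added example, not part of the thread or any poster's code: it classifies what each Conditional Access policy means for a LOB app, following the two options discussed above. It assumes policies exported in the Microsoft Graph `conditionalAccessPolicy` shape, where `approvedApplication` is "Require approved client app" and `compliantApplication` is "Require app protection policy"; the policy names and `RESOURCE_ID` are constructed placeholders.

```python
# Constructed sample data shaped like Microsoft Graph conditionalAccessPolicy
# objects. Display names and RESOURCE_ID are placeholders, not real values.
RESOURCE_ID = "00000000-0000-0000-0000-000000000001"  # assumed cloud app the LOB app signs in to

def _policy(name, controls, operator="OR", exclude=()):
    return {"displayName": name, "state": "enabled",
            "conditions": {"applications": {"includeApplications": ["All"],
                                            "excludeApplications": list(exclude)}},
            "grantControls": {"operator": operator, "builtInControls": list(controls)}}

POLICIES = [
    _policy("approved app only", ["approvedApplication"]),
    _policy("approved app OR app protection", ["approvedApplication", "compliantApplication"]),
    _policy("resource excluded", ["approvedApplication"], exclude=[RESOURCE_ID]),
    _policy("approved app AND app protection",
            ["approvedApplication", "compliantApplication"], operator="AND"),
]

def applies_to(policy, resource_id):
    """True if an enabled policy targets the given cloud app."""
    if policy.get("state") != "enabled":
        return False
    apps = policy["conditions"]["applications"]
    if resource_id in apps.get("excludeApplications", []):
        return False  # option 1 in the thread: excluded from the CA policy
    included = apps.get("includeApplications", [])
    return "All" in included or resource_id in included

def lob_outcome(policy, resource_id, sdk_or_wrapped):
    """Classify a policy's effect on a LOB client app.

    sdk_or_wrapped: True if the app is app-protection-policy ready
    (Intune SDK or wrapping tool), as described in the thread.
    """
    if not applies_to(policy, resource_id):
        return "not in scope"
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls", []))
    if "approvedApplication" not in controls:
        return "no approved-app requirement"
    # Per the thread, a LOB app never satisfies approvedApplication.
    if grant.get("operator") == "AND":
        return "blocked"
    if "compliantApplication" in controls and sdk_or_wrapped:
        return "allowed via app protection policy"  # option 2 in the thread
    others = controls - {"approvedApplication", "compliantApplication"}
    return "depends on: " + ", ".join(sorted(others)) if others else "blocked"

if __name__ == "__main__":
    for p in POLICIES:
        print(p["displayName"], "->", lob_outcome(p, RESOURCE_ID, sdk_or_wrapped=True))
```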