Support Tip: How to enable Intune app protection policies (APP) with Microsoft Lists

Published 01-26-2021 05:29 PM 5,533 Views

Updated 3/26: The Microsoft Lists app is now available as a public app in Intune app protection policy (APP)!

 

Several of our customers want to manage the new Microsoft Lists mobile app for iOS. This mobile app helps you track information and organize your work; for more information, see the TechCommunity announcement: Get the Microsoft Lists app for iOS (Microsoft 365 Blog).

 

The Microsoft Lists app for iOS is available in the Apple App Store. The Microsoft Lists mobile app supports Intune app protection policies today. For more details on how to target apps with your app protection policy, see: How to create and assign app protection policies.

 

Note: If you previously used the bundle ID (com.microsoft.splists) to add Lists manually, the bundle ID is hidden and the app is now listed as a selected app within the public apps section of the policy. If you attempt to create a new policy and try to add the bundle ID manually, the MEM admin center will notify you to use the public app instead.

 

Example screenshot when adding "com.microsoft.splists" to an Intune App protection policy

Let us know if you have any additional questions by commenting on this post below or by tagging @IntuneSuppTeam on Twitter.

 

Blog post updates

  • 2/10: The Lists app will be available to target as a first-party app in the 2103 service release.
  • 3/26: The Lists app is now available as a public app in APP!
9 Comments
Frequent Contributor

I added the com.microsoft.splists bundle ID to my App Protection Policy (for iOS) last night, right after reading this. As of this morning, ~12 hours later, it's still not working. 

For me, the Lists app just prompts for username. I provide my UPN, and immediately it switches over to the Microsoft Authenticator app... this is the one that tells me this isn't allowed here. 

lists-authenticator-fail.jpg

 

Is it possible that the Authenticator app Bundle ID needs to be added too? Or some other reason why this is happening? 

 

I also checked App \ Monitor at endpoint.microsoft.com and see that the bundle ID is in there, but hasn't checked in.  While not shown in the screenshot, I do have 4-5 other trusted Microsoft apps that have all checked in/synced since this, within the last 30 minutes even, but still the Lists app not so much. Is there a way to force this APP Sync process or these apps? I reinstalled Lists and that didn't help. 

 

I'm game for anything, please let me know where else I should look or what I should try. 

 

lists-notcheckedin-APP-monitor.jpg

 
 
 

After this I checked in at Azure AD and reviewed my sign-in logs, specific to Conditional Access - we have a policy that applies to all O365 apps (AAD "enterprise apps") such as sharepoint online, exchange online, and all related services including Lists and Planner etc.  This policy, for mobile OSes, requires Microsoft trusted apps. 

 

The grant controls are configured for this CA policy to require approved client apps https://aka.ms/supportedmamapps  -OR- require app protection policies https://aka.ms/supportedmampolicyapps 

 

Frequent Contributor

Here's that screenshot for the Grant Controls, fyi

Let me know if I should open a case on this, or feel free to respond with ideas here as well. Thanks!

 

lists-CA-policy-grant-controls.jpg

Hi @Chris Smith, thanks for the feedback. The Microsoft Lists app needs to support the Conditional Access grant "Require app protection policies" to leverage that specific grant control. We've reached out to the Conditional Access team, but no dates to share yet. Stay tuned to this post for future updates regarding APP and Conditional Access support.

New Contributor

I am having the same experience. It does not seem that the List app was added as a required app.

The issue seems to be related to Conditional Access and most likely the Lists app is not added to the Microsoft "whitelist" of approved apps. So as long as you have a CA rule to require approved client apps, you cannot use Lists. App protection will most likely work if you do not have this Conditional Access requirement. I hope Intune adds the Lists application to the approved list soon as I am not going to open up SharePoint to any 3rd party apps anytime soon.

 

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-acces...

 

 

Regular Visitor

Greetings, I would like to know information about approved apps for Conditional Access like @Jan Ketil Skanke's post.

Our company is evaluating MS Lists and would like to provide it to our users to access on mobile devices. We currently have a condition set to only grant access to approved client apps in our Conditional Access policies. Microsoft Lists is currently not in that list of approved apps. Is there a timeline on when it might become available as an approved app for Conditional Access, and is there a process to get into a preview ring for this?

 

Thank you in advance.

Clint

Microsoft

Hello Team,

I am receiving multiple requests for MS lists to be added to approved client list of apps so the conditional access policy with approved app filter can be used for the app... kindly update if there is any ETA on the same.

Microsoft

Updating that the Microsoft Lists app now supports the Conditional Access grant "Require app protection policy", which offers a higher level of protection. Please use that instead of "Require approved app", which is not supported.

New Contributor

@saura6h 

I appreciate that it supports App protection. And if all the MS apps supported App protection this would be viable. However, as per the documentation, our most used Mobile App, Teams, does not yet support "Require App Protection". And there are an additional 14 apps that do not yet support "Require App Protection". It unnecessarily complicates CA. Many companies have added "Require App Protection" as an "AND" grant. Lists would not work under that circumstance. We have explored using an "OR" grant by stacking policies. However there is an issue with Teams again that does not support the use of the "OR". Neither does Visio or Kaizala.

Can we look forward, in the future, to the List app supporting the "Required Application" grant?
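
The grant-control behaviour discussed in the comments above, as an added example (not part of the original post and not Microsoft's code): a Python check over Conditional Access policies in the JSON shape returned by Microsoft Graph, flagging enforced policies whose grant controls the Lists app cannot satisfy. The sample policies are constructed, and the check assumes the state described in the thread (Lists supports "Require app protection policy" but not "Require approved client app"); it looks only at policy state and grant controls, not at conditions such as users or platforms.

```python
# Added example: flag Conditional Access policies whose grants Lists cannot meet.
# Graph names: approvedApplication  = "Require approved client app",
#              compliantApplication = "Require app protection policy".
# Assumption from the thread: Lists supports the latter but not the former.
UNSUPPORTED_BY_LISTS = {"approvedApplication"}

def lists_blocked(policy):
    """True if an enforced policy's grant controls cannot be satisfied by Lists."""
    if policy.get("state") != "enabled":
        return False  # disabled and report-only policies do not block sign-in
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls") or [])
    if not controls:
        return False
    if "block" in controls:
        return True
    if grant.get("operator") == "AND":
        # Every listed control is required, so one unsupported control is enough.
        return bool(controls & UNSUPPORTED_BY_LISTS)
    # OR: blocked only when no listed control is one Lists could satisfy.
    return controls <= UNSUPPORTED_BY_LISTS

def audit(policies):
    """Return display names of policies that would block the Lists app."""
    return [p["displayName"] for p in policies if lists_blocked(p)]

def _policy(name, state, operator, controls):
    # Helper for the constructed samples; mirrors the Graph JSON field names.
    return {"displayName": name, "state": state,
            "grantControls": {"operator": operator, "builtInControls": controls}}

# Constructed sample policies (not taken from any real tenant).
SAMPLE_POLICIES = [
    _policy("Approved app only", "enabled", "OR", ["approvedApplication"]),
    _policy("Approved app OR app protection", "enabled", "OR",
            ["approvedApplication", "compliantApplication"]),
    _policy("Approved app AND app protection", "enabled", "AND",
            ["approvedApplication", "compliantApplication"]),
    _policy("App protection only", "enabled", "OR", ["compliantApplication"]),
    _policy("Report-only AND", "enabledForReportingButNotEnforced", "AND",
            ["approvedApplication", "compliantApplication"]),
]

if __name__ == "__main__":
    for name in audit(SAMPLE_POLICIES):
        print("Lists blocked by:", name)
```
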

Version history
Last update:
‎Mar 26 2021 04:53 PM