Jul 20 2020 03:07 PM
Hi All
Hope everyone is well.
Please can someone tell me what the difference between "Require approved client app" and "Require app protection policy" is?
In my conditional access policy whether I just select "Require approved client app" OR "Require approved client app and Require app protection policy" the result is the same.
Just trying to understand what "Require app protection policy" exactly does.
Appreciate any advice.
Jul 21 2020 12:13 AM
Solution@Navishkar Sadheo Good question.
First of all: Require approved client app grant control only supports iOS and Android and is used to only allow 1rst party apps to connect to Office 365, like the Outlook app.
Require app protection policy (preview) is all about Intune app protection. So when you select this option, the app cannot be used without an app protection policy in place. This is meant to protect the data from those apps.
Please read these articles to learn all about that: https://www.petervanderwoude.nl/post/conditional-access-and-requiring-app-protection-policy/
&
https://samilamppu.com/2019/07/09/conditional-access-require-app-protection-policy/
&
https://www.inthecloud247.com/azure-ad-conditional-access-explained-android-and-ios/