SOLVED

Require approved client app vs Require app protection policy

%3CLINGO-SUB%20id%3D%22lingo-sub-1534275%22%20slang%3D%22en-US%22%3ERequire%20approved%20client%20app%20vs%20Require%20app%20protection%20policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1534275%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20everyone%20is%20well.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20can%20someone%20tell%20me%20what%20the%20difference%20between%20%22Require%20approved%20client%20app%22%20and%20%22Require%20app%20protection%20policy%22%20is%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20my%20conditional%20access%20policy%20whether%20I%20just%20select%20%22Require%20approved%20client%20app%22%20OR%20%22Require%20approved%20client%20app%20and%20Require%20app%20protection%20policy%22%20the%20result%20is%20the%20same.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJust%20trying%20to%20understand%20what%20%22Require%20app%20protection%20policy%22%20exactly%20does.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAppreciate%20any%20advice.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1534275%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Application%20Management%20(MAM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1534959%22%20slang%3D%22en-US%22%3ERe%3A%20Require%20approved%20client%20app%20vs%20Require%20app%20protection%20policy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1534959%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F119208%22%20target%3D%22_blank%22%3E%40Navishkar%20Sadheo%3C%2FA%3E%26nbsp%3BGood%20question.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFirst%20of%20all%3A%26nbsp%3B%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CEM%3ERequire%20approved%20client%20app%3C%2FEM%3E%3CSPAN%3E%26nbsp%3Bgrant%20control%20only%20supports%20iOS%20and%20Android%20and%20is%20used%20to%20only%20allow%201rst%20party%20apps%20to%20connect%20to%20Office%20365%2C%20like%20the%20Outlook%20app.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3ERequire%20app%20protection%20policy%20(preview)%3C%2FEM%3E%26nbsp%3Bis%20all%20about%20Intune%20app%20protection.%20So%20when%20you%20select%20this%20option%2C%20the%20app%20cannot%20be%20used%20without%20an%20app%20protection%20policy%20in%20place.%20This%20is%20meant%20to%20protect%20the%20data%20from%20those%20apps.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20read%20these%20articles%20to%20learn%20all%20about%20that%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.petervanderwoude.nl%2Fpost%2Fconditional-access-and-requiring-app-protection-policy%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.petervanderwoude.nl%2Fpost%2Fconditional-access-and-requiring-app-protection-policy%2F%20%3C%2FA%3E%3C%2FP%3E%3CP%3E%26amp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsamilamppu.com%2F2019%2F07%2F09%2Fconditional-access-require-app-protection-policy%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsamilamppu.com%2F2019%2F07%2F09%2Fconditional-access-require-app-protection-policy%2F%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26amp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.inthecloud247.com%2Fazure-ad-conditional-access-explained-android-and-ios%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.inthecloud247.com%2Fazure-ad-conditional-access-explained-android-and-ios%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Frequent Contributor

Hi All

 

Hope everyone is well.

 

Please can someone tell me what the difference between "Require approved client app" and "Require app protection policy" is?

 

In my conditional access policy whether I just select "Require approved client app" OR "Require approved client app and Require app protection policy" the result is the same.

 

Just trying to understand what "Require app protection policy" exactly does.

 

Appreciate any advice.

1 Reply
Highlighted
Best Response confirmed by Oliver Kieselbach (MVP)
Solution

@Navishkar Sadheo Good question. 

 

First of all:  Require approved client app grant control only supports iOS and Android and is used to only allow 1rst party apps to connect to Office 365, like the Outlook app.

 

Require app protection policy (preview) is all about Intune app protection. So when you select this option, the app cannot be used without an app protection policy in place. This is meant to protect the data from those apps. 

 

Please read these articles to learn all about that: https://www.petervanderwoude.nl/post/conditional-access-and-requiring-app-protection-policy/

&

https://samilamppu.com/2019/07/09/conditional-access-require-app-protection-policy/ 

&

https://www.inthecloud247.com/azure-ad-conditional-access-explained-android-and-ios/