For Android devices, this level validates Android device attestation. This is an entry level configuration that provides similar data protection control in Exchange Online mailbox policies and introduces IT and the user population to APP.

Enterprise enhanced data protection (Level 2) introduces APP data leakage prevention mechanisms and minimum OS requirements. This is the configuration that is applicable to most mobile users accessing work or school data.

Enterprise high data protection (Level 3) introduces advanced data protection mechanisms, enhanced PIN configuration, and APP Mobile Threat Defense. This configuration is desirable for users that are accessing high risk data.

To see the specific recommendations for each configuration level and the minimum apps that must be protected, review Data protection framework using app protection policies.

Regardless of whether the device is enrolled in a unified endpoint management (UEM) solution, an Intune app protection policy needs to be created for both iOS and Android apps, using the steps in How to create and assign app protection policies. These policies, at a minimum, must meet the following conditions:

They include all Microsoft 365 mobile applications, such as Edge, Outlook, OneDrive, Office, or Teams, as this ensures that users can access and manipulate work or school data within any Microsoft app in a secure fashion.

This ensures that all users are protected, regardless of whether they use Edge for iOS or Android.

Determine which framework level meets your requirements. Most organizations should implement the settings defined in Enterprise enhanced data protection (Level 2) as that enables data protection and access requirements controls.

For more information on the available settings, see Android app protection policy settings and iOS app protection policy settings.

To apply Intune app protection policies against apps on Android devices that are not enrolled in Intune, the user must also install the Intune Company Portal.

Single sign-on to Microsoft Entra connected web apps in policy-protected browsers

Edge for iOS and Android can take advantage of single sign-on (SSO) to all web apps (SaaS and on-premises) that are Microsoft Entra connected. SSO allows users to access Microsoft Entra connected web apps through Edge for iOS and Android, without having to re-enter their credentials. SSO requires your device to be registered by either the Microsoft Authenticator app for iOS devices, or the Intune Company Portal on Android. When users have either of these, they're prompted to register their device when they go to a Microsoft Entra connected web app in a policy-protected browser (this is only true if their device hasn't already been registered).