Creating Intune App Protection Policies for iOS/iPadOS: A Comprehensive Guide (2023)

In today's digital landscape, securing corporate data on mobile devices is paramount. Microsoft Intune offers robust solutions, and in this guide, we will delve into creating Intune App Protection Policies specifically for iOS and iPadOS. These policies, forming part of Mobile Application Management (MAM) in Intune, play a crucial role in safeguarding organizational data on both managed and non-managed devices.

App Protection Policies Overview

App Protection Policies (APP) are a set of guidelines within Intune that ensure the protection of corporate data on managed applications. Given the prevalence of mobile device usage for both personal and professional tasks, the risk of data leakage and loss is significant. APP in Intune addresses this concern by controlling access to corporate data and preventing data leakage within managed applications on mobile devices.

Supported Applications

To apply APP, it is essential that applications support it. Most Microsoft 365 (M365) applications, including Outlook, Word, OneDrive, and more, are compatible. Additionally, numerous productivity apps on the Google Play Store and Apple App Store also support APP.

Implementation of App Protection Policies

APP can be applied to both enrolled and non-enrolled devices, including those using third-party Mobile Device Management (MDM) solutions. By implementing APP, organizations can ensure that data within managed apps is protected and controllable by the IT team.

Key Features of App Protection Policies

  1. Data Protection:

    • Restriction of copy and paste between work and personal profiles.
    • Limiting document/file saving to OneDrive or SharePoint.
    • Enforcing application-level PIN.
    • Application-level data wipe.
    • Limiting app access based on OS versions.
  2. Data Transfer Policies:

    • Managing data transfer between managed and unmanaged applications.
    • Policies for backing up organizational data to iTunes and iCloud.
    • Controlling the transfer of organizational data between apps.
  3. Encryption:

    • Enforcing device-level iOS/iPadOS encryption for managed apps.
  4. Functionality Controls:

    • Syncing policy-managed app data with native apps or add-ins.
    • Printing restrictions for organizational data.
    • Controlling web content transfer with other apps.

How to Create App Protection Policies for iOS/iPadOS

  1. Sign in to Microsoft Intune Admin Center.
  2. Navigate to App > App Protection Policies.
  3. Click on Create Policy > Select iOS/iPadOS.
  4. Provide the policy name and description, then proceed to target devices and applications as per requirements.

Data Protection Restrictions Configuration

  1. Data Transfer:

    • Configure backup of organizational data to iTunes and iCloud.
    • Define policies for sending organizational data to other apps.
    • Specify apps exempted from data transfer policies.
  2. Receive Data from Other Apps:

    • Configure policies for receiving data from other/unmanaged apps.
  3. Open Data into Org Documents:

    • Define settings for opening data from other apps into organizational documents.
  4. Restrict Cut, Copy, and Paste Between Apps:

    • Set restrictions on copying, cutting, and pasting data between apps.
  5. Third-Party Keyboards:

    • Choose to block or allow third-party keyboards.

Access Requirements Configuration

  1. PIN Requirements:

    • Define PIN policies for app access, including type, length, and use of biometrics.
  2. Functionality Controls:

    • Set controls for syncing policy-managed app data with native apps.
    • Specify printing restrictions and web content transfer policies.

Conditional Launch Configuration

  1. App Conditions:

    • Configure conditions such as max PIN attempts and offline grace period.
  2. App Version and SDK Restrictions:

    • Define minimum app version and Intune app protection policy SDK version requirements.

Device Conditions for Intune App Protection Policies

  1. Jailbroken/Rooted Devices:

    • Define actions for accessing managed apps on jailbroken/rooted devices.
  2. Device OS Version:

    • Set minimum and maximum OS version requirements.
  3. Device Model:

    • Allow or block specified device models from accessing managed apps.
  4. Max Allowed Device Threat Level:

    • Control access based on the threat level defined by Mobile Threat Defense (MTD).


In this comprehensive guide, we've explored the intricacies of creating Intune App Protection Policies for iOS and iPadOS. These policies serve as a robust defense against data leakage and loss, providing organizations with granular controls over app functionality, data protection, and access requirements. By following these detailed steps, organizations can implement effective App Protection Policies and fortify the security of their corporate data on mobile devices.

For more insights and decision-making strategies regarding Intune App Protection Policies, refer to resources from the HTMD team, such as the provided video, and stay informed about the latest advancements in mobile device management.

Top Articles
Latest Posts
Article information

Author: Reed Wilderman

Last Updated: 01/12/2023

Views: 5740

Rating: 4.1 / 5 (72 voted)

Reviews: 87% of readers found this page helpful

Author information

Name: Reed Wilderman

Birthday: 1992-06-14

Address: 998 Estell Village, Lake Oscarberg, SD 48713-6877

Phone: +21813267449721

Job: Technology Engineer

Hobby: Swimming, Do it yourself, Beekeeping, Lapidary, Cosplaying, Hiking, Graffiti

Introduction: My name is Reed Wilderman, I am a faithful, bright, lucky, adventurous, lively, rich, vast person who loves writing and wants to share my knowledge and understanding with you.