Assign users to an Intune app protection policy

An Intune app protection policy is only applied to an app when it is used by an assigned user. You assign users not individually but by Azure Active Directory (AD) security groups.
  1. On the menu sidebar, under CONFIGURE, click Policies > Intune app protection.
  2. Confirm the dialog to be forwarded to a Microsoft page, and then log in with your Microsoft Azure administrator account.
    This step is omitted if you’ve already logged in to Microsoft Azure during the current Sophos Mobile Admin session.
  3. On the Policies - Intune app protection page of Sophos Mobile Admin, click the blue triangle next to the policy you want to assign users to, and then click Assign user groups.
  4. In the list of available Azure AD security groups, select the groups you want to include or exclude:
    • Include: The policy applies to members of this group.
    • Exclude: The policy doesn’t apply to members of this group, even if they are also members of an Include group.
    • Not assigned: The policy doesn’t apply to members of this group, unless they are also members of an Include group.
  5. Select Save.

You can view the user assignment in the Microsoft Azure portal. You might need to sign in again to the portal to refresh the information displayed.

Note The policy only applies to users with an Intune license assigned to their Azure AD account. Other users in the selected security groups are not affected.