Skip to content

Create Intune app protection policy

With an Intune app protection policy, you apply data restrictions based on the user identity. The restrictions are only applied when the app is used in a work context, i.e. when an assigned user opens an app using a corporate account.

You must create separate policies for Android and iOS apps.

  1. On the menu sidebar, under CONFIGURE, click Policies > Intune app protection.
  2. Confirm the dialog to be forwarded to a Microsoft page, and then log in with your Microsoft Azure administrator account.

    This step is omitted if you’ve already logged in to Microsoft Azure during the current Sophos Mobile Admin session.

  3. On the Policies - Intune app protection page of Sophos Mobile Admin, click Add and then click Android policy or iOS policy.

  4. On the Edit policy page, enter the required settings.

    See Intune app protection policy settings (Android) and Intune app protection policy settings (iOS, iPadOS).

  5. Click Save.

You can view the policy in the Microsoft Azure portal. You might need to sign in again to the portal to refresh the information displayed.

After you’ve created the Intune app protection policy, assign it to apps and to users. See Assign apps to an Intune app protection policy and Assign users to an Intune app protection policy.