019: Review App config vs App protection policies
Overview
Intune app protection policies (APP) are rules that ensure an organization's data remains safe or contained in a managed app. These policies allow you to control how data is accessed and shared by apps on mobile devices. A policy can be a rule that is enforced when the user attempts to access or move "corporate" data, or a set of actions that are prohibited or monitored when the user is inside the app. A managed app in Intune is a protected app that has Intune app protection policies applied to it and is managed by Intune.
There are several benefits of using Intune app protection policies, including protecting corporate data on mobile devices without requiring device enrollment and controlling how data is accessed and shared by apps on mobile devices.
Examples of using app protection policies with Microsoft Intune include:
Requiring a PIN or fingerprint to access corporate email on a mobile device Preventing users from copying and pasting corporate data into personal apps Restricting access to corporate data to only approved apps
App configuration policies can help you eliminate app setup problems by letting you assign configuration settings to a policy that is assigned to end-users before they run the app. The settings are then supplied automatically when the app is configured on the end-users device, and end-users don't need to take action. The configuration settings are unique for each app.
You can create and use app configuration policies to provide configuration settings for both iOS/iPadOS or Android apps. These configuration settings allow an app to be customized by using app configuration and management. The configuration policy settings are used when the app checks for these settings, typically the first time the app is run.
An app configuration setting, for example, might require you to specify any of the following details:
A custom port number Language settings Security settings Branding settings such as a company logo