Back to the App Protection Policies

This very small blog will be about the improvements in the Target Policy in App protection and how to update your JSON files to automate the deployment

I will divide this blog into multiple parts

  1. Background information
  2. Changing the JSON

1. Background information

It’s wonderful to see Microsoft Is improving the App Protection Policies. It’s now possible to select “All apps” or “All Microsoft Apps” or even “Core Microsoft Apps”. This will definitely save you some time when you are deploying App protection policies and All of the future Microsoft Apps are automatically added! Isn’t that great?

Let’s take a look at how you could change it. When creating a new or editing a new App protection policy, you have some new options available.

Afbeelding met tekst  Automatisch gegenereerde beschrijving

Let’s take a look at them but I guess most of them speak for themselves.

All Apps –> I guess it means just ALL apps!

All Microsoft Apps –> That’s also an obvious one as it means all Microsoft Apps

Core Microsoft Apps –> But what about the core Microsoft Apps? Luckily you can click on “view a list of apps that will be targeted”

2. Changing the JSON

Now we have seen how we could change it manually, let’s change the JSON. When looking at the Github page I created some time ago, you could have noticed I am specifying all the apps which will be targetted

Enrollment/DU2h_AppProtectionPolicyManagedDevices.ps1 at main · Call4cloud/Enrollment (

Afbeelding met tekst  Automatisch gegenereerde beschrijving

But that’s not very nice. Every time a new app is released, you may need to add it to your scripting and update the existing app Protection policies. So how can we change the JSON to target “all Microsoft apps” instead of specifying them one by one?

I guess it was simpler than I thought! You only need to remove the whole “APPS”: [ALL THE SPECIFIED APPS ] part and add this line to the JSON (Don’t’ forget the “,” )

“appGroupType”: “allMicrosoftApps”,

Afbeelding met tekst  Automatisch gegenereerde beschrijving

After you change it and start testing with it, you will notice the new app protection policies will be created and a lot of Apps will be targeted: Android: 33 and IOS: 35

Afbeelding met tekst  Automatisch gegenereerde beschrijving

Please note: When you want to change it to All Core Microsoft Apps or just All Apps, here are the 2 group types you could specify in the JSON

“AppGroupType”: “allCoreMicrosoftApps”,

“AppGroupType”: “allApps”,


I think it’s a wonderful App Protection improvement… I don’t have to say more about it.

Back To The Future GIFs - Get the best GIF on GIPHY

Leave a Reply

Your email address will not be published. Required fields are marked *

58  +    =  63