This very small blog will be about the improvements in the Target Policy in App protection and how to update your JSON files to automate the deployment
1. Background information
It’s wonderful to see Microsoft improving the App Protection Policies. It’s now possible to select “All apps,” “All Microsoft Apps,” or even “Core Microsoft Apps.” This will definitely save you some time when you deploy App protection policies, and all of the future Microsoft Apps are automatically added! Isn’t that great?
Let’s take a look at how you could change it. When creating a new or editing a new App protection policy, you have some new options available.
Let’s take a look at them but I guess most of them speak for themselves.
All Apps –> I guess it means just ALL apps!
All Microsoft Apps –> That’s also an obvious one as it means all Microsoft Apps
Core Microsoft Apps –> But what about the core Microsoft Apps? Luckily you can click on “view a list of apps that will be targeted”
2. Changing the JSON
Now that we can change it manually, let’s change the JSON. When looking at the Github page I created some time ago, you could have noticed I am specifying all the apps which will be targetted
Enrollment/DU2h_AppProtectionPolicyManagedDevices.ps1 at main · Call4cloud/Enrollment (github.com)
But that’s not very nice. Every time a new app is released, you may need to add it to your scripting and update the existing app Protection policies. So how can we change the JSON to target “all Microsoft apps” instead of specifying them one by one?
I guess it was simpler than I thought! You only need to remove the whole “APPS”: [ALL THE SPECIFIED APPS ] part and add this line to the JSON (Don’t’ forget the “,” )
“appGroupType”: “allMicrosoftApps”,
After you change it and start testing with it, you will notice the new app protection policies will be created and a lot of Apps will be targeted: Android: 33 and IOS: 35
Please note: When you want to change it to All Core Microsoft Apps or just All Apps, here are the 2 group types you could specify in the JSON
“AppGroupType”: “allCoreMicrosoftApps”,
“AppGroupType”: “allApps”,
Conclusion:
I think it’s a wonderful App Protection improvement… I don’t have to say more about it.
