Microsoft Technical Takeoff: Windows and Microsoft Intune
Oct 24 2022 07:00 AM - Oct 27 2022 12:00 PM (PDT)
App Protection Policy data protection framework
Published Mar 05 2020 09:00 AM 6,504 Views

As mobile usage becomes more prevalent in your organizations, so does the need to protect against data leakage scenarios. App Protection Policies (APP) help protect work or school account data through data protection, access requirements, and conditional launch behaviors. For more information, see App protection policies overview. 


The choices available in APP enable organizations to tailor the protection to their specific needs. For some, it may not be obvious which policy settings are required to implement a complete scenario. To help organizations prioritize client endpoint hardening, Microsoft has introduced a new taxonomy for security configurations in Windows 10, and Intune is leveraging a similar taxonomy for its APP data protection framework for iOS and Android mobile app management. 


The APP data protection framework is organized into three distinct configuration levels, with each level building off the previous level: 


  1. Enterprise basic data protection ensures that apps are protected with a PIN and encrypted and performs selective wipe operations. For Android devices, this level validates Android device attestationThis is an entry level configuration that provides similar data protection control in Exchange Online mailbox policies and introduces IT and the user population to APP. 
  2. Enterprise enhanced data protection introduces APP data leakage prevention mechanisms and minimum OS requirements. This is the configuration that is applicable to most mobile users accessing work or school data. 
  3. Enterprise high data protection introduces advanced data protection mechanisms, enhanced PIN configuration, and APP Mobile Threat Defense. This configuration is desirable for users that are accessing high risk data. 

To see the specific recommendations for each configuration level, review Data protection framework using APP. 


As with any framework, settings within a corresponding level may need to be adjusted based on the needs of the organization as data protection must evaluate the threat environment, risk appetite, and impact to usability. 


We hope this framework helps you when evaluating what APP settings to deploy in your environment. As always, if you have questions, please let us know. 


Ross Smith IV
Principal Program Manager
Customer Experience Engineering

Version history
Last update:
‎Mar 05 2020 09:00 AM
Updated by: