What are App Protection Policies?
In mobile device security, App Protection Policies (APP) are a set of rules an organisation enforces to safeguard sensitive corporate data on employee devices. These policies apply to the mobile applications themselves and work whether or not the device is managed by the IT department, which covers Bring Your Own Device (BYOD) scenarios.
Benefits
APP offers several advantages for IT security:
- Data Loss Prevention (DLP): APP can restrict how corporate data can be moved or shared within apps. This prevents accidental leaks or unauthorised transfers of sensitive information.
- Enhanced Compliance: Organisations in regulated industries can leverage APP to comply with data protection requirements by ensuring corporate data is handled according to regulations.
- Improved Device Security: APP can enforce access controls on apps containing sensitive data, requiring PINs or biometrics for access and potentially restricting features like cut, copy and paste.
Use Cases
Here are some scenarios where APP can be beneficial:
- Securing corporate email on employee phones: APP can enforce encryption and PIN access for apps like Outlook, ensuring only authorised users can access work emails.
- Protecting financial data on tablets: Organisations in finance can leverage APP to restrict data sharing on apps used for mobile banking or expense management.
- Safeguarding customer information in retail: APP can be used to secure CRM applications on devices used by sales staff, preventing unauthorised access to customer data.
Key Components
APP functionalities typically involve:
- Conditional access: Restricts access to corporate data within protected apps based on factors like device security posture or user location.
- Data encryption: Encrypts work data stored on the device within the protected app, rendering it unusable if accessed by unauthorised parties.
- Application Protection Platforms (APPs): These platforms, such as Microsoft Intune, are used to configure and deploy APP policies to various mobile devices.
How Microsoft helps
Microsoft Intune, a core component of Microsoft Endpoint Manager, provides robust APP functionalities:
- Intune app protection policies: Allow for granular control over data access, encryption, and application behaviour within the protected apps.
- Conditional access with Azure AD: Integrates with APP to enforce additional security measures based on user identity and device health.
- Microsoft Defender for Endpoint: Offers unified endpoint management for mobile devices, including those protected by APP policies.
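To make the controls listed above (PIN access, cut/copy/paste restrictions, data sharing limits, encryption) concrete, the following added example audits an exported Intune app protection policy against a baseline. It is not Microsoft's or this page's code; the property names follow the Microsoft Graph iosManagedAppProtection resource, while the sample policy and the baseline thresholds are assumptions made for the example.

```python
import json

# Constructed sample: an iOS app protection policy in the shape of the
# Microsoft Graph iosManagedAppProtection resource (values are made up).
SAMPLE_POLICY = json.loads("""
{
  "displayName": "Constructed BYOD policy",
  "pinRequired": true,
  "minimumPinLength": 4,
  "simplePinBlocked": false,
  "allowedOutboundClipboardSharingLevel": "allApps",
  "allowedOutboundDataTransferDestinations": "managedApps",
  "saveAsBlocked": false,
  "dataBackupBlocked": true,
  "appDataEncryptionType": "whenDeviceLocked"
}
""")

ENCRYPTED = ("whenDeviceLocked", "whenDeviceLockedExceptOpenFiles", "afterDeviceRestart")

# Baseline chosen for this example (an assumption, not a Microsoft default):
# property -> (predicate for an acceptable value, finding text).
BASELINE = {
    "pinRequired": (lambda v: v is True, "app PIN not required"),
    "minimumPinLength": (lambda v: isinstance(v, int) and v >= 6, "PIN shorter than 6"),
    "simplePinBlocked": (lambda v: v is True, "simple PINs allowed"),
    "allowedOutboundClipboardSharingLevel": (
        lambda v: v in ("managedApps", "managedAppsWithPasteIn", "blocked"),
        "cut/copy/paste to unmanaged apps allowed"),
    "allowedOutboundDataTransferDestinations": (
        lambda v: v in ("managedApps", "none"), "data can be sent to unmanaged apps"),
    "saveAsBlocked": (lambda v: v is True, "Save As to personal storage allowed"),
    "dataBackupBlocked": (lambda v: v is True, "backup of work data allowed"),
    "appDataEncryptionType": (
        lambda v: v in ENCRYPTED, "app data encryption left to device settings"),
}

def audit_policy(policy):
    """Return sorted (property, finding) pairs for settings below the baseline.
    A property missing from the export is reported rather than assumed safe."""
    findings = []
    for prop, (acceptable, message) in BASELINE.items():
        if prop not in policy:
            findings.append((prop, "setting missing from export"))
        elif not acceptable(policy[prop]):
            findings.append((prop, message))
    return sorted(findings)

if __name__ == "__main__":
    for prop, finding in audit_policy(SAMPLE_POLICY):
        print(f"{SAMPLE_POLICY['displayName']}: {prop}: {finding}")
```

Running the same check over every policy export on a schedule shows when a setting has drifted from the baseline.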