Saturday, January 29, 2022

Back to the App Protection Policies

Must read

Rudy Ooms
Rudy is a Modern workplace architect and currently working for a company in the Netherlands, called Deltacom Steenbergen. He has been working in IT since he was 16 years old. Within these years, he gained a lot of experience in different kinds of expertise. I guess like most of you, he started working with active directory environments. In June 2021 he received the MVP status in the category Enterprise Mobility for the first time. The multi-tenant PowerShell scripted Deltacom-Cloud environment is one of his creations.

This very small blog will be about the improvements in the Target Policy in App protection and how to update your JSON files to automate the deployment

I will divide this blog into multiple parts

  1. Background information
  2. Changing the JSON

It’s wonderful to see Microsoft Is improving the App Protection Policies. It’s now possible to select “All apps” or “All Microsoft Apps” or even “Core Microsoft Apps”. This will definitely save you some time when you are deploying App protection policies and All of the future Microsoft Apps are automatically added! Isn’t that great?

Let’s take a look at how you could change it. When creating a new or editing a new App protection policy, you have some new options available.

Afbeelding met tekst  Automatisch gegenereerde beschrijving

Let’s take a look at them but I guess most of them speak for themselves.

All Apps –> I guess it means just ALL apps!

All Microsoft Apps –> That’s also an obvious one as it means all Microsoft Apps

Core Microsoft Apps –> But what about the core Microsoft Apps? Luckily you can click on “view a list of apps that will be targeted”

Now we have seen how we could change it manually, let’s change the JSON. When looking at the Github page I created some time ago, you could have noticed I am specifying all the apps which will be targetted

Enrollment/DU2h_AppProtectionPolicyManagedDevices.ps1 at main · Call4cloud/Enrollment (

Afbeelding met tekst  Automatisch gegenereerde beschrijving

But that’s not very nice. Every time a new app is released, you may need to add it to your scripting and update the existing app Protection policies. So how can we change the JSON to target “all Microsoft apps” instead of specifying them one by one?

I guess it was simpler than I thought! You only need to remove the whole “APPS”: [ALL THE SPECIFIED APPS ] part and add this line to the JSON (Don’t’ forget the “,” )

“appGroupType”: “allMicrosoftApps”,

Afbeelding met tekst  Automatisch gegenereerde beschrijving

After you change it and start testing with it, you will notice the new app protection policies will be created and a lot of Apps will be targeted: Android: 33 and IOS: 35

Afbeelding met tekst  Automatisch gegenereerde beschrijving

Please note: When you want to change it to All Core Microsoft Apps or just All Apps, here are the 2 group types you could specify in the JSON

“AppGroupType”: “allCoreMicrosoftApps”,

“AppGroupType”: “allApps”,


I think it’s a wonderful App Protection improvement… I don’t have to say more about it.

Back To The Future GIFs - Get the best GIF on GIPHY

More articles

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest articles