An Azure AD Conditional Access Policy for Internals on Android or iOS to require an approved client app or App Protection Policy (APP).
Suggested name:
CA2{XX}-Internals-DataAndAppProtection-AllApps-iOSorAndroid-ApprovedClientAppOrAPP
Assignments

Users

| Users and groups | |
|---|---|
| Include users | CA-Persona-Internals |
| Exclude users | Break-glass (emergency access) accounts |

Cloud apps or actions

| Cloud apps | |
|---|---|
| Include | All cloud apps |

Conditions

Access controls

| Grant access | |
|---|---|
| Require one of the selected controls | Approved client app, App protection policy |

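The settings above, expressed as a drift check over a policy exported from Microsoft Graph (`conditionalAccessPolicy` JSON). This is an added example, not part of the original page: the group object IDs are placeholders, the sample policy is constructed, and the Android/iOS platform condition is taken from the policy title because the Conditions section lists nothing.

```python
# Placeholders (assumptions): substitute your tenant's group object IDs.
INTERNALS = "<CA-Persona-Internals-object-id>"
BREAK_GLASS = "<break-glass-group-object-id>"

# Constructed sample in Microsoft Graph conditionalAccessPolicy shape.
SAMPLE_POLICY = {
    "displayName": "CA2{XX}-Internals-DataAndAppProtection-AllApps-"
                   "iOSorAndroid-ApprovedClientAppOrAPP",
    "state": "enabled",
    "conditions": {
        "users": {"includeGroups": [INTERNALS], "excludeGroups": [BREAK_GLASS]},
        "applications": {"includeApplications": ["All"]},
        "platforms": {"includePlatforms": ["android", "iOS"]},
    },
    "grantControls": {
        "operator": "OR",
        "builtInControls": ["approvedApplication", "compliantApplication"],
    },
}

def audit(policy, internals=INTERNALS, break_glass=BREAK_GLASS):
    """Return deviations from the documented policy; an empty list means a match."""
    findings = []
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = (cond.get("applications") or {}).get("includeApplications") or []
    platforms = (cond.get("platforms") or {}).get("includePlatforms") or []
    grant = policy.get("grantControls") or {}
    excluded = (users.get("excludeGroups") or []) + (users.get("excludeUsers") or [])
    if internals not in (users.get("includeGroups") or []):
        findings.append("CA-Persona-Internals is not included")
    if break_glass not in excluded:
        findings.append("break-glass accounts are not excluded")
    if apps != ["All"]:
        findings.append("policy does not target all cloud apps")
    if {p.lower() for p in platforms} != {"android", "ios"}:
        findings.append("platform condition is not exactly Android and iOS")
    if set(grant.get("builtInControls") or []) != {"approvedApplication", "compliantApplication"}:
        findings.append("grant controls are not approved client app / app protection policy")
    if grant.get("operator") != "OR":
        findings.append("grant operator is not OR (require one of the selected controls)")
    if policy.get("state") != "enabled":
        findings.append("policy is not enforced (state=%s)" % policy.get("state"))
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_POLICY) or ["matches the documented policy"]:
        print(line)
```

A policy left in `enabledForReportingButNotEnforced` only logs what it would have done, so the check reports it as not enforced.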
References
https://learn.microsoft.com/en-us/azure/architecture/guide/security/conditional-access-architecture
https://learn.microsoft.com/en-us/azure/architecture/guide/security/conditional-access-framework
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common