App Configuration Policies Demo

The course is part of this learning path

Start course

Publishing Applications With Microsoft Endpoint Manager looks at what's involved when publishing apps to fully managed and BYOD devices. This course examines how to publish and deploy different app types and how to use Microsoft Endpoint manager to implement application configuration and protection. We see what an app needs to support configuration and protection policies, what those policies offer in the way of data protection, and how a policy can configure an app's access to a mobile device's hardware and capabilities. While the course's primary focus is deploying apps to mobile devices through app stores, we also look at using Endpoint manager to publish a custom in-house app to a desktop client.

Learning Objectives

  • Overview of app publishing scenarios
  • Learn about app protection policies and how to create one
  • Learn about app configuration policies and how to create one
  • Publish a custom line of business to a Window client
  • See how to investigate deployment issues

Intended Audience

  • Students working towards the MS-101 Microsoft 365 Mobility and Security exam
  • Those wanting to learn how to use Microsoft Endpoint Manager to publish and deploy applications


  • There are no prerequisite courses needed to take this course

In the case of Android-managed device app configuration, we need to make the apps we want to configure available. Within the endpoint manager admin center, select Apps, then Android. You can see I have already selected a bunch of Android apps from the Managed Google play store. To add an app, click the add button, select Managed Google Play app from the app type drop-down and click the select button. Next, choose the app, making sure it does support managed configuration. I've already selected PowerPoint, so I won't select it again.

To set up a configuration policy, click app configuration policies from the app overview page menu. When we go to create a new app configuration policy, the add button lets us choose whether to use managed devices or managed apps. I'll select managed devices. I'll give the policy a name and description. We're already in the managed devices enrolment scenario, so the enrolment type field is disabled. The platform will be Android Enterprise, and I'll go with all profile types. Next, I'll select the app to be configured. 

I can only select an app I've already associated from the managed Google play store. The settings tab is where we configure the app. You can upload configuration settings in JSON format using the provided template or specify settings with the configuration designer. Above configuration, you can specify access to the device's capabilities by adding permissions. You can specify auto grant, auto deny, or prompt the user for each added permission. As usual, the context menu on the right allows you to delete permissions and configurations. Click next to assign the configuration by a combination of inclusion and exclusion of groups and users. Before creating the policy, you can review the settings and permissions. I'll add permission settings for the camera and external storage.

In the case of creating a configuration policy for managed apps, you select apps from a list of apps that support configuration for either Android or iOS. The managed app policy creation process is similar to the device-managed process but without specifying the platform. There is a list of public apps to choose from or you could select your organization's custom apps.

The actual settings are key-value pairs. You'll need to find out the settings and possible values for the app you're configuring. This information is typically found in the app's documentation supplied by the vendor. The assignments and creation steps are the same as for managed devices.

About the Author
Learning Paths

Hallam is a software architect with over 20 years experience across a wide range of industries. He began his software career as a  Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.