Assign users to an Intune app protection policy

An Intune app protection policy is only applied to an app when it is used by an assigned user. You don't assign users individually. Instead, you assign Microsoft Entra ID (Azure AD) security groups.

  1. On the menu sidebar, click Policies > Intune app protection.
  2. You might be forwarded to a Microsoft page for authentication. On that page, enter your Microsoft Azure administrator credentials.
  3. On the Policies - Intune app protection page of Sophos Mobile, click the blue triangle next to the policy you want to assign users to, and then click Assign user groups.
  4. In the list of available Microsoft Entra ID (Azure AD) security groups, select the groups you want to include or exclude:

    • Include: The policy applies to members of this group.
    • Exclude: The policy doesn’t apply to members of this group, even if they are also members of an Include group.
    • Not assigned: The policy doesn’t apply to members of this group, unless they are also members of an Include group.
  5. Click Save.

You can view the user assignment in the Microsoft Azure portal. You might need to sign in to the portal again to refresh the information displayed.

Note

The policy only applies to users with an Intune license assigned to their Microsoft Entra ID (Azure AD) account. Other users in the selected security groups are not affected.
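
The Include, Exclude and Not assigned states and the license requirement in the note combine into one effective result per user. The following Python code is an added example, not Sophos or Microsoft code: it evaluates that precedence over constructed data and lists users who are in an Include group but still don't receive the policy. The group names, user names and function names are assumptions.

```python
# Constructed sample data: groups, users and states are illustrative only.
ASSIGNMENTS = {   # security group -> state chosen under "Assign user groups"
    "sg-sales": "include",
    "sg-contractors": "exclude",
    "sg-finance": "not_assigned",
}
MEMBERS = {       # security group -> members
    "sg-sales": {"alice", "bob", "carol"},
    "sg-contractors": {"bob"},
    "sg-finance": {"alice", "dave"},
}
LICENSED = {"alice", "bob", "dave"}   # users with an Intune license assigned


def effective_coverage(assignments, members, licensed):
    """Return {user: (policy_applies, reason)} for every user in any group."""
    included, excluded = set(), set()
    for group, state in assignments.items():
        if state == "include":
            included |= members.get(group, set())
        elif state == "exclude":
            excluded |= members.get(group, set())
        elif state != "not_assigned":
            raise ValueError(f"unknown state {state!r} for group {group}")

    result = {}
    for user in sorted(set().union(*members.values())):
        if user in excluded:            # Exclude wins over any Include
            result[user] = (False, "member of an Exclude group")
        elif user not in included:      # Not assigned alone grants nothing
            result[user] = (False, "not in any Include group")
        elif user not in licensed:      # license rule from the note
            result[user] = (False, "no Intune license")
        else:
            result[user] = (True, "included and licensed")
    return result


def include_gaps(assignments, members, licensed):
    """Users in an Include group who still end up without the policy."""
    in_include = set()
    for group, state in assignments.items():
        if state == "include":
            in_include |= members.get(group, set())
    coverage = effective_coverage(assignments, members, licensed)
    return [(u, coverage[u][1]) for u in sorted(in_include) if not coverage[u][0]]


if __name__ == "__main__":
    for user, reason in include_gaps(ASSIGNMENTS, MEMBERS, LICENSED):
        print(f"{user}: policy not applied ({reason})")
```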