Planning and implementing application configuration policies is an essential part of managing Microsoft 365 Mobility and Security, a skill that is validated in the MS-101 exam. Primarily, exams candidates are required to have a thorough comprehension of how to develop strategies for planning and implementing the application of these policies.
Understanding Application Configuration Policies
Application configuration policies facilitate app-level settings that allow managers to control effective app use at an organization level. These can be employed for native applications in mobile devices, like email and WiFi settings, or used in custom-made applications, such as hosted web apps.
These policies equip IT professionals with the capability of defining and enforcing what apps can do on a mobile device. Therefore, knowing how to create, implement, and administer these policies is a crucial competency.
Planning Application Configuration Policies
Having a solid plan for application configuration policies is crucial. Here are the steps you should follow:
- Identify the Applications: The first step is to identify which applications are in use within your organization and understand their requirements.
- Define the Policies: Define what policies are needed for each application. This could range from security constraints to user access rights.
- Understand the Work Environment: Understand the devices on which these applications will run. This will help in making an informed decision on policy enforcement.
- Prioritize Policies: Not all policies are of equal importance, and prioritisation will depend on the security needs and business requirements.
- Schedule Implementation: Plan a schedule for the implementation of the policies to avoid any business disruptions.
Implementing Application Configuration Policies
Once you have crafted your plan, it’s time to implement it. You can accomplish this through the Endpoint security section within the Microsoft Endpoint Manager admin center.
Here is a simple step-by-step process:
- Navigate to Microsoft Endpoint Manager Admin Center.
- Select Apps > App Configuration Policies.
- Select ‘Create a profile’ and follow the prompts.
- After finishing the profile, assign it to the appropriate user groups.
- The implemented policy is enforced when the user installs the app from the company portal.
Remember though that each application might require a different method of configuration, as is explained in the Microsoft documentation.
For instance, for an application like Microsoft Outlook, managers can use application configuration policies to modify exact functionalities, like controlling the Outlook Focused Inbox.
Example Configuration:
[
{
“key”: “com.microsoft.outlook.Mail.Features.FocusedInbox”,
“value”: “false”
},
{
“key”: “com.microsoft.outlook.Mail.Features.SharedCalendars”,
“value”: “true”
}
]
Planning and implementing application configuration policies are central skills tested in the MS-101 Microsoft 365 Mobility and Security exam. Therefore, understanding the core uses of these policies, how to plan them effectively, and carry out their execution accurately, is vital for success.
Important Reminders
- Plan Beforehand: Policymaking should be a proactive strategy, not a reactive one.
- Stay Updated: Microsoft, and technology in general, is continually updating and improving, requiring an IT professional to stay updated.
- Testing: Always test your policies with a small user group before fully implementing them.
- Feedback & Review: Regularly review the effectiveness of your policies and make improvements when needed.
Ultimately, the strategy should aim at securing and enhancing your organisation’s application environment. Planning and implementing policy configurations is an ongoing process, ever-evolving with the modernizing workspace.
Practice Test
True or False: Application configuration policies allow the IT administrators to control how certain apps behave on user’s devices.
- True
- False
Answer: True.
Explanation: Application configuration policies are specifically designed to allow IT admins to control the behavior of apps in user devices ensuring security of the data enclosed.
Which of the following can be controlled with app configuration policies on iOS devices? (Multiple Select)
- A. App URLs
- B. Data encryption
- C. App versioning
- D. User interface styles
Answer: A. App URLs, B. Data encryption
Explanation: App configuration policies can manage the settings for App URLs and Enforce data encryption on iOS devices.
True or False: You can use app protection policies for apps on privately owned devices.
- True
- False
Answer: True.
Explanation: App protection policies can also be used on privately owned (BYOD) devices in order to keep work data safe and separate from personal data.
When implementing application configuration policies, when should these policies be applied?
- A. Before app installation
- B. During app installation
- C. After app installation
- D. None of the above
Answer: C. After app installation
Explanation: Configuration settings are managed after an app has been installed.
True or False: App configuration settings are applied without user intervention.
- True
- False
Answer: True.
Explanation: App configuration settings are managed by IT administrators remotely without user interaction.
Which type of policies apply settings or features to an app at the user level regardless of the device it’s installed on?
- A. App protection policy
- B. App configuration policy
- C. Device configuration policy
- D. None of the above
Answer: A. App protection policy
Explanation: App protection policies can protect company data at the app level by applying settings or features at the user level.
True or False: IT administrators can create a list of approved apps and block all other apps through application configuration policies.
- True
- False
Answer: True.
Explanation: Application configuration policies allow IT administrators to create and manage a list of approved apps, hence ensuring the blocking of all non-compliant apps.
True or False: An app configuration policy consists of an app, a profile, a platform, and a configuration designer.
- True
- False
Answer: True.
Explanation: An app configuration policy is essentially an association between an app, a profile, a platform(iOS/Android/Windows), and a configuration designer.
Which of the following is a strategy for managing the lifecycle of an application? (Single Select)
- A. Application Lifecycle Management (ALM)
- B. System Center Configuration Manager (SCCM)
- C. Mobile Device Management (MDM)
- D. All of the above
Answer: A. Application Lifecycle Management (ALM)
Explanation: Application Lifecycle Management (ALM) is a process that involves the coordination of different aspects of software engineering, including development, maintenance, and governance.
Which policy is utilized to remove company data from applications when a device is not compliant?
- A. App protection policy
- B. App configuration policy
- C. Device configuration policy
- D. None of the above
Answer: A. App protection policy
Explanation: App protection policy can protect company data at the app level where it ensures that the company data can be removed when a device is not compliant.
True or False: You cannot configure both managed and unmanaged devices through app configuration policies.
- True
- False
Answer: False.
Explanation: With app configuration policies, you can configure settings for both managed and unmanaged devices.
Which type of app configuration is suitable for Android devices?
- A. Managed iOS configuration
- B. Managed Android configuration
- C. Managed Windows configuration
- D. Managed macOS configuration
Answer: B. Managed Android configuration
Explanation: A managed Android configuration is specifically designed to control Android applications.
Which app cannot be configured by the application configuration policies in Microsoft 365?
- A. Office
- B. Edge
- C. Chrome
- D. Windows Mail
Answer: D. Windows Mail
Explanation: Application configuration policies are primarily intended for mobile apps. They can be used to configure Office, Edge, and Chrome, but not Windows Mail.
True or False: You can create app configuration policies for managed devices only.
- True
- False
Answer: False.
Explanation: You can create app configuration policies for both managed and unmanaged devices.
When an App protection policy is in place, the data within the app is encrypted. If the policy is removed, the data becomes unencrypted. True or False?
- True
- False
Answer: True.
Explanation: When an App protection policy is enforced, it encrypts the data within the app. Hence, if policy is removed, the app’s data becomes unencrypted.
Interview Questions
What functionality is provided by application configuration policies in Microsoft 365?
Application configuration policies in Microsoft 365 allow administrators to create and deploy configurations to Microsoft 365 apps for enterprise (formerly Office 365 ProPlus). This can include things like managing privacy controls, update and upgrade settings, and configuring the end-user experience.
How can an admin create an application configuration policy in the Microsoft 365 admin center?
An application configuration policy can be created by going into the settings section of the Microsoft 365 admin center and selecting “Services and add-ins”, then clicking on “Office software download settings.” From there, the admin can create and manage policies as needed.
What prerequisites must be met to create and implement application configuration policies?
Prerequisites include having Microsoft 365 global administrator or Office Apps admin role, having a Configuration Manager in place, and a deep understanding of relevant steps and settings for policy creation and deployment.
How can the update settings of Microsoft 365 apps be managed using application configuration policies?
In application configuration policy, the update channel can be selected to define how frequently updates are installed and from which channel they come. This is under the “software updates” section in policy creation in the admin center.
If conflicts in application configuration policies occur, which policy will take priority?
If a conflict occurs, the last policy that was applied will take precedence. It is advisable to ensure that the policies do not conflict with each other to avoid confusion and potential issues.
Can you restrict software download settings using application configuration policies?
Yes, you can specify whether users can download the software directly from the Office Content Delivery Network (CDN) on the internet or from specified locations on your internal network.
What is the purpose of using the Office Deployment Tool in setting application configuration policies?
The Office Deployment Tool (ODT) allows administrators to manage configurations for Microsoft 365 Apps for enterprise, such as what products and languages are installed, how those products are updated, and application preferences.
How do you assign an application configuration policy to users?
After creating the policy, it is assigned to users through a group tag. Any users with the matching group tag will receive the assigned policy.
Can a single user have multiple application configuration policies assigned to them?
Yes, a single user can have multiple application configuration policies. But if the policies contain conflicting settings, the last applied policy will take precedence.
What can an admin do to troubleshoot application configuration policies if they are not working as expected?
The admin can use Office Configuration Analyzer Tool (OffCAT) which is a program that provides a detailed report of installed Office programs. This report includes many parameters about your Office program configuration and highlights known problems found when OffCAT scans your computer.
extutorials.com