CA-05HighEnhanced Security

Require App Protection for Mobile Access

Conditional Access control for Microsoft 365 and Entra ID

Why This Control Matters

Mobile devices accessing corporate data should use apps with protection policies. This prevents data leakage through unmanaged apps and ensures corporate data remains protected on personal devices.

Expected State

When this control is compliant, your tenant should meet these criteria:

1A Conditional Access policy requires approved or compliant applications for mobile
2Policy targets iOS and Android platforms
3Office 365 or all cloud apps are protected

Enforcement

Default Mode

Advisory

Alerts on deviations but does not make changes

Auto-Remediation

Available

Creates a CA policy requiring app protection for mobile devices. PREREQUISITE: Intune App Protection Policies must be configured.

Ready to implement this control?

TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.