Could not create iosManagedAppProtections policy #4

Closed
dballardmaung opened this issue Oct 2, 2018 · 10 comments

@dballardmaung

Trying to create a test iOS App protection policy using New-DeviceAppManagement_IosManagedAppProtections but keep on receiving Bad Request 400 after connecting to MSGraph. I am using a demo tenant for this testing.

I use the below command and its parameters:
New-DeviceAppManagement_IosManagedAppProtections -ODataType microsoft.graph.iosManagedAppProtection -displayName TestIosAppPolicy -periodOfflineBeforeAccessCheck 00:12:00 -periodOnlineBeforeAccessCheck 00:00:30 -allowedInboundDataTransferSources allApps -allowedOutboundDataTransferDestinations managedApps -organizationalCredentialsRequired $false -allowedOutboundClipboardSharingLevel managedAppsWithPasteIn -dataBackupBlocked $true -deviceComplianceRequired $true -managedBrowserToOpenLinksRequired $true -saveAsBlocked $true -periodOfflineBeforeWipeIsEnforced 90:00:00 -pinRequired $true -maximumPinRetries 5 -simplePinBlocked $false -minimumPinLength 4 -pinCharacterSet alphanumericAndSymbol -periodBeforePinReset 00:00:00 -allowedDataStorageLocations oneDriveForBusiness,sharePoint,localStorage -contactSyncBlocked $false -printBlocked $true -fingerprintBlocked $false -disableAppPinIfDevicePinIsSet $false -appDataEncryptionType whenDeviceLocked -faceIdBlocked $false

Not sure what I am missing. Appreciate your help with this.

Thanks
Danny

@davefalkus
Collaborator

davefalkus commented Oct 2, 2018

Hi @dballardmaung,

The following will work for you:

New-DeviceAppManagement_ManagedAppPolicies -iosManagedAppProtection -displayName "iOS MAM / APP Policy" -periodOfflineBeforeAccessCheck (New-TimeSpan -Hours 12) -periodOnlineBeforeAccessCheck (New-TimeSpan -Minutes 30) -allowedInboundDataTransferSources managedApps -allowedOutboundDataTransferDestinations managedApps -allowedOutboundClipboardSharingLevel managedAppsWithPasteIn -organizationalCredentialsRequired $false -dataBackupBlocked $true -managedBrowserToOpenLinksRequired $false -deviceComplianceRequired $false -saveAsBlocked $true -periodOfflineBeforeWipeIsEnforced (New-TimeSpan -Days 30) -pinRequired $true -maximumPinRetries 5 -simplePinBlocked $false -minimumPinLength 4 -pinCharacterSet numeric -periodBeforePinReset (New-TimeSpan -Days 30) -allowedDataStorageLocations @("oneDriveForBusiness","sharePoint") -contactSyncBlocked $false -printBlocked $true -fingerprintBlocked $false -disableAppPinIfDevicePinIsSet $false

The reason why yours was failing was that the entries for "-periodOnlineBeforeAccessCheck" require the input to be in a timespan format, so the sample above should help.

Let us know if it doesn't work.

Dave

@dballardmaung
Author

Hi @davefalkus,

Thanks for the quick reply and a sample. I will test it out tonight.

Danny

@dballardmaung
Author

Hi @davefalkus,

I was able to create iOS and Android App protection policies using the sample you provided. Now I am trying to add Target apps to app protection policies and having no luck after trying several syntaxes.

I was able to get an output of IosManagedAppProtections_Apps.

Get-DeviceAppManagement_IosManagedAppProtections_Apps -iosManagedAppProtectionId T_e9d815d5-0faa-4517-8700-16bc91912c72 (worked wonderful)

Errors from commands:

  • New-DeviceAppManagement_IosManagedAppProtections_Apps

  • New-DeviceAppManagement_ManagedAppPolicies_Apps

  • Get-DeviceAppManagement_IosManagedAppProtections_Assignments

PS C:> New-DeviceAppManagement_IosManagedAppProtections_Apps -iosManagedAppProtectionId T_e9d815d5-0faa-4517-8700-16bc91912c72 -ODataType iosMobileAppIdentifier -mobileAppIdentifier bundleId=wefwef
New-DeviceAppManagement_IosManagedAppProtections_Apps : 400 Bad Request
{
"error": {
"code": "BadRequest",
"message": "Property mobileAppIdentifier in payload has a value that does not match schema.",
"innerError": {
"request-id": "982e3da2-b257-4992-a864-c8c0177e9113",
"date": "2018-10-04T02:08:51"
}
}
}
At line:1 char:1
+ New-DeviceAppManagement_IosManagedAppProtections_Apps -iosManagedAppP ...
    + CategoryInfo          : ConnectionError: (@{Request=; Response=}:PSObject) [New-DeviceAppMa...rotections_Apps], HttpRequestException
    + FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.New_DeviceAppManagement_IosManagedAppProtections_Apps

PS C:> New-DeviceAppManagement_IosManagedAppProtections_Apps -iosManagedAppProtectionId T_e9d815d5-0faa-4517-8700-16bc91912c72 -ODataType iosMobileAppIdentifier -mobileAppIdentifier wefwef
New-DeviceAppManagement_IosManagedAppProtections_Apps : 400 Bad Request
{
"error": {
"code": "BadRequest",
"message": "Property mobileAppIdentifier in payload has a value that does not match schema.",
"innerError": {
"request-id": "f304ac07-b817-49a6-a3c2-57be2b9e0c82",
"date": "2018-10-04T02:09:35"
}
}
}
At line:1 char:1
+ New-DeviceAppManagement_IosManagedAppProtections_Apps -iosManagedAppP ...
    + CategoryInfo          : ConnectionError: (@{Request=; Response=}:PSObject) [New-DeviceAppMa...rotections_Apps], HttpRequestException
    + FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.New_DeviceAppManagement_IosManagedAppProtections_Apps

PS C:> New-DeviceAppManagement_ManagedAppPolicies_Apps -managedAppPolicyId T_e9d815d5-0faa-4517-8700-16bc91912c72 -managedAppPolicyODataType 'microsoft.graph.iosManagedAppProtection' -ODataType iosMobileAppIdentifier -mobileAppIdentifier 'bundleId=wefwef'
New-DeviceAppManagement_ManagedAppPolicies_Apps : 400 Bad Request
{
"error": {
"code": "BadRequest",
"message": "Property mobileAppIdentifier in payload has a value that does not match schema.",
"innerError": {
"request-id": "f0c05522-7ad7-4f84-8f37-375457bd487c",
"date": "2018-10-04T01:55:28"
}
}
}
At line:1 char:1
+ New-DeviceAppManagement_ManagedAppPolicies_Apps -managedAppPolicyId T ...
    + CategoryInfo          : ConnectionError: (@{Request=; Response=}:PSObject) [New-DeviceAppMa...ppPolicies_Apps], HttpRequestException
    + FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.New_DeviceAppManagement_ManagedAppPolicies_Apps

PS C:> New-DeviceAppManagement_ManagedAppPolicies_Apps -managedAppPolicyId 'TestIosAppPolicy' -managedAppPolicyODataType 'microsoft.graph.iosManagedAppProtection' -ODataType iosMobileAppIdentifier -mobileAppIdentifier 'bundleId=wefwef'
New-DeviceAppManagement_ManagedAppPolicies_Apps : 400 Bad Request
{
"error": {
"code": "BadRequest",
"message": "Property mobileAppIdentifier in payload has a value that does not match schema.",
"innerError": {
"request-id": "6154be79-7b14-476a-9917-e8e34e5f55ab",
"date": "2018-10-04T01:55:49"
}
}
}
At line:1 char:1
+ New-DeviceAppManagement_ManagedAppPolicies_Apps -managedAppPolicyId ' ...
    + CategoryInfo          : ConnectionError: (@{Request=; Response=}:PSObject) [New-DeviceAppMa...ppPolicies_Apps], HttpRequestException
    + FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.New_DeviceAppManagement_ManagedAppPolicies_Apps

PS C:> Get-DeviceAppManagement_IosManagedAppProtections_Assignments -iosManagedAppProtectionId T_af49a5a1-647a-4e80-809e-babe4bce97ac -iosManagedAppProtectionODataType "microsoft.graph.iosManagedAppProtection"
Get-DeviceAppManagement_IosManagedAppProtections_Assignments : 400 Bad Request
{
"error": {
"code": "No method match route template",
"message": "No OData route exists that match template ~/singleton/navigation/key/cast/navigation with http verb GET for request
/MAMAdmin/MAMAdminFEService/deviceAppManagement/iosManagedAppProtections('T_af49a5a1-647a-4e80-809e-babe4bce97ac')/$/microsoft.management.services.api.iosManagedAppProtection/assignments.",
"innerError": {
"request-id": "1c0bd3d9-7421-4880-9498-e074e7a55e8e",
"date": "2018-10-04T02:03:22"
}
}
}
At line:1 char:1
+ Get-DeviceAppManagement_IosManagedAppProtections_Assignments -iosMana ...
    + CategoryInfo          : ConnectionError: (@{Request=; Response=}:PSObject) [Get-DeviceAppMa...ons_Assignments], HttpRequestException
    + FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlets.Get_DeviceAppManagement_IosManagedAppProtections_Assignments

Any help is appreciated.


What I would like to see is to have some examples for the command when using get help -examples as well as clear information when using -full or -detailed

get-help -Examples

Danny

@rohitramu
Contributor

rohitramu commented Oct 4, 2018

1. Get some managed apps

This should give you all of the apps that you are allowed to target (since you can only target managed apps):

$apps = Get-DeviceAppManagement_MobileApps | Where-Object { $_.'@odata.type' -like '#microsoft.graph.managed*' }

You can use this list of apps as-is if you want to apply the policy to all managed apps, otherwise you can filter this down further.

2. Get the app identifiers for these apps

For iOS apps, this would be the "bundleId":

$appIdentifiers = $apps | ForEach-Object {
   if (-not [string]::IsNullOrEmpty($_.bundleId)) {
     New-ManagedMobileAppObject -mobileAppIdentifier (New-MobileAppIdentifierObject -iosMobileAppIdentifier -bundleId $_.bundleId)
   }
 }

For Android apps, this is the "packageId":

$appIdentifiers = $apps | ForEach-Object {
   if (-not [string]::IsNullOrEmpty($_.packageId)) {
     New-ManagedMobileAppObject -mobileAppIdentifier (New-MobileAppIdentifierObject -androidMobileAppIdentifier -packageId $_.packageId)
   }
 }

3. Get a reference to the policy object

To do this, you can store the result of the cmdlet that you used to create the policy:

# The platform switch below (iOS/Android) MUST match the type of apps retrieved in step 2
$policy = New-DeviceAppManagement_ManagedAppPolicies `
    -iosManagedAppProtection `
    -displayName "iOS MAM / APP Policy" `
    -periodOfflineBeforeAccessCheck (New-TimeSpan -Hours 12) `
    -periodOnlineBeforeAccessCheck (New-TimeSpan -Minutes 30) `
    -allowedInboundDataTransferSources managedApps `
    -allowedOutboundDataTransferDestinations managedApps `
    -allowedOutboundClipboardSharingLevel managedAppsWithPasteIn `
    -organizationalCredentialsRequired $false `
    -dataBackupBlocked $true `
    -managedBrowserToOpenLinksRequired $false `
    -deviceComplianceRequired $false `
    -saveAsBlocked $true `
    -periodOfflineBeforeWipeIsEnforced (New-TimeSpan -Days 30) `
    -pinRequired $true `
    -maximumPinRetries 5 `
    -simplePinBlocked $false `
    -minimumPinLength 4 `
    -pinCharacterSet numeric `
    -periodBeforePinReset (New-TimeSpan -Days 30) `
    -allowedDataStorageLocations @("oneDriveForBusiness","sharePoint") `
    -contactSyncBlocked $false `
    -printBlocked $true `
    -fingerprintBlocked $false `
    -disableAppPinIfDevicePinIsSet $false

Or if you've already created the policy, you can get it like this:

$policy = Get-DeviceAppManagement_IosManagedAppProtections -iosManagedAppProtectionId '<policy ID goes here>'

NOTE: Make sure that the type of policy (iOS/Android) matches the platform of the apps being targeted.

4. Target the policy to the apps

Let's say that you put the policy object in a variable called $policy. The following command should allow you to target the policy to the apps:

Invoke-DeviceAppManagement_ManagedAppPolicies_TargetApps -managedAppPolicyId $policy.id -apps $appIdentifiers

Thanks for the feedback about documentation. It is quite difficult to add specific, meaningful examples to the Get-Help documentation itself because the whole module (including documentation) is automatically generated. However, we can definitely add this to the Wiki in this GitHub repo. Also, if this is a common scenario for you, please do let us know. We are working on building up a library of "Scenario Modules" that will simplify common use cases. The scenario modules can be found here: https://github.com/Microsoft/Intune-PowerShell-Management.

@dballardmaung
Author

Hi @rohitramu

Thanks for the pointers. I was able to develop commands to automate App Protection Policy for iOS.

New-DeviceAppManagement_ManagedAppPolicies -iosManagedAppProtection -displayName $PolName -periodOfflineBeforeAccessCheck (New-TimeSpan -Hours 12) -periodOnlineBeforeAccessCheck (New-TimeSpan -Minutes 30) -allowedInboundDataTransferSources allApps -allowedOutboundDataTransferDestinations managedApps -allowedOutboundClipboardSharingLevel managedAppsWithPasteIn -organizationalCredentialsRequired $false -dataBackupBlocked $true -deviceComplianceRequired $true -managedBrowserToOpenLinksRequired $true -saveAsBlocked $true -periodOfflineBeforeWipeIsEnforced (New-TimeSpan -Days 90) -pinRequired $true -maximumPinRetries 5 -simplePinBlocked $false -minimumPinLength 4 -pinCharacterSet Numeric -periodBeforePinReset 00:00:00 -allowedDataStorageLocations oneDriveForBusiness,sharePoint,localStorage -contactSyncBlocked $false -printBlocked $true -fingerprintBlocked $false -disableAppPinIfDevicePinIsSet $false -appDataEncryptionType whenDeviceLocked -faceIdBlocked $false

$iosAppPrtPol = Get-DeviceAppManagement_IosManagedAppProtections

$iOSapps = Get-DeviceAppManagement_MobileApps | Where-Object { $_.'@odata.type' -like '#microsoft.graph.managed*' }

$appIosIdentifiers = $iOSapps | ForEach-Object{
	if (-not [string]::IsNullOrEmpty($_.bundleId))
	{
		$placer1 = $_.bundleId
		If ($placer1 -ne 'com.box.mdmios' -and `
		$placer1 -ne 'com.sharefile.mobile.intune' -and `
		$placer1 -ne 'com.microsoft.office365booker' -and `
		$placer1 -ne 'nl.msi.ibabspro.it' -and `
		$placer1 -ne 'com.microsoft.o365smb.engagex' -and `
		$placer1 -ne 'com.microsoft.dynamics' -and `
		$placer1 -ne 'com.microsoft.dynamics.iphone.moca' -and `
		$placer1 -ne 'com.microsoft.dynamics.invoice' -and `
		$placer1 -ne 'com.microsoft.mobile.polymer' -and `
		$placer1 -ne 'com.microsoft.shiftr' -and `
		$placer1 -ne 'com.microsoft.groupies-daily' -and `
		$placer1 -ne 'com.printeron.printeron.microsoft' -and `
		$placer1 -ne 'com.microsoft.rdc.ios' -and `
		$placer1 -ne 'com.veradocs.ios.appstore.intune')
		{
			New-ManagedMobileAppObject -mobileAppIdentifier (New-MobileAppIdentifierObject -iosMobileAppIdentifier -bundleId $placer1)
		}
	}}

$iOSpolicy = Get-DeviceAppManagement_IosManagedAppProtections -iosManagedAppProtectionId $iosAppPrtPol.id

Invoke-DeviceAppManagement_ManagedAppPolicies_TargetApps -managedAppPolicyId $iOSpolicy.id -apps $appIosIdentifiers

I am running into some difficulties:

  • Add assignment using security group to iOS app protection policy using below cmdlet with iosManagedAppProtections id and
    Get-DeviceAppManagement_IosManagedAppProtections_Assignments -iosManagedAppProtectionId T_62a17798-f812-488b-92f7-0ffc18d93652 -iosManagedAppProtectionODataType microsoft.graph.iosManagedAppProtection

  • Adding a new App from iosStoreApp using the below code and ran into an error. I followed your example of adding a webapp for adding iosStoreApp
    New-DeviceAppManagement_MobileApps -iosStoreApp -displayName 'Adobe Acrobat Reader' -publisher 'Adobe' -bundleId 'com.adobe.Adobe-Reader' -appStoreUrl 'https://itunes.apple.com/us/app/adobe-acrobat-reader/id469337564'

Error return code:

New-DeviceAppManagement_MobileApps : 400 Bad Request
{
  "error": {
    "code": "",
    "message": "The request is invalid.",
    "innerError": {
      "request-id": "886b8204-69d1-4fcf-ac6d-3580f2fd917f",
      "date": "2018-10-05T02:56:35"
    }
  }
}
At line:1 char:1
+ New-DeviceAppManagement_MobileApps -iosStoreApp -displayName 'Adobe A ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ConnectionError: (@{Request=; Response=}:PSObject) [New-DeviceAppManagement_MobileApps],
    HttpRequestException
    + FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlet
   s.New_DeviceAppManagement_MobileApps

Can you provide any tips/pointers on my two hurdles?

Thanks

Danny

@rohitramu
Contributor

Your first command is actually getting the full list of iOS app protection policies instead of just the one you want. Please ensure you provide the policy ID if you want to get a particular policy. Also, from what I can tell, the only way to get the assignments for an app protection policy in Graph v1.0 is by making a "$expand" call:

$iosAppPrtPol = Get-DeviceAppManagement_IosManagedAppProtections `
    -iosManagedAppProtectionId 'T_62a17798-f812-488b-92f7-0ffc18d93652' `
    -Expand assignments

$iosAppPrtPolAssignments = $iosAppPrtPol.assignments

In terms of creating a security group assignment for an app protection policy, I'm still investigating how to do that. I'll reply here once I have more information.

For creating the iOS store app, you need to provide the applicableDeviceType and minimumSupportedOperatingSystem parameters:

$app = New-DeviceAppManagement_MobileApps `
    -iosStoreApp `
    -displayName 'Adobe Acrobat Reader' `
    -publisher 'Adobe' `
    -bundleId 'com.adobe.Adobe-Reader' `
    -appStoreUrl 'https://itunes.apple.com/us/app/adobe-acrobat-reader/id469337564' `
    -applicableDeviceType (New-IosDeviceTypeObject -iPad $true -iPhoneAndIPod $true) `
    -minimumSupportedOperatingSystem (New-IosMinimumOperatingSystemObject -v8_0 $true)

@dballardmaung
Author

@rohitramu

Thanks for your information. I was able to add apps for iOS and Built-in Android. Just want to know if there is a cmdlet to add apps from Android Enterprise (Managed Google Play store).

I will watch for your update on creating a security group assignment for an app protection policy.

Will the next update include creation of Conditional Access policy cmdlet?

Thank you for your help.

@rohitramu
Contributor

rohitramu commented Oct 11, 2018

Hey Danny,

I have uploaded an updated release (please download it from the "Releases" tab in this repository). It includes the cmdlet for assigning an app protection policy to a group. Using the updated release, your commands would look something like this:

# 1) Create the policy
# The platform switch below (iOS/Android) MUST match the type of apps retrieved in step 2
$policy = New-DeviceAppManagement_ManagedAppPolicies `
    -iosManagedAppProtection `
    -displayName "iOS MAM / APP Policy" `
    -periodOfflineBeforeAccessCheck (New-TimeSpan -Hours 12) `
    -periodOnlineBeforeAccessCheck (New-TimeSpan -Minutes 30) `
    -allowedInboundDataTransferSources managedApps `
    -allowedOutboundDataTransferDestinations managedApps `
    -allowedOutboundClipboardSharingLevel managedAppsWithPasteIn `
    -organizationalCredentialsRequired $false `
    -dataBackupBlocked $true `
    -managedBrowserToOpenLinksRequired $false `
    -deviceComplianceRequired $false `
    -saveAsBlocked $true `
    -periodOfflineBeforeWipeIsEnforced (New-TimeSpan -Days 30) `
    -pinRequired $true `
    -maximumPinRetries 5 `
    -simplePinBlocked $false `
    -minimumPinLength 4 `
    -pinCharacterSet numeric `
    -periodBeforePinReset (New-TimeSpan -Days 30) `
    -allowedDataStorageLocations @("oneDriveForBusiness","sharePoint") `
    -contactSyncBlocked $false `
    -printBlocked $true `
    -fingerprintBlocked $false `
    -disableAppPinIfDevicePinIsSet $false

# 2) Get managed iOS apps and create "managedMobileApp" PowerShell objects which contain a mobileAppIdentifier
$iOSapps = Get-DeviceAppManagement_MobileApps | Where-Object { $_.'@odata.type' -like '#microsoft.graph.managed*' }
$managedAppObjects = $iOSapps | ForEach-Object {
    if (-not [string]::IsNullOrEmpty($_.bundleId)) {
        New-ManagedMobileAppObject -mobileAppIdentifier (New-MobileAppIdentifierObject -iosMobileAppIdentifier -bundleId $_.bundleId)
    }
}

# 3) Target the app protection policy to the apps
Invoke-DeviceAppManagement_IosManagedAppProtections_TargetApps -iosManagedAppProtectionId $policy.id -apps $managedAppObjects

# 4) Assign the app protection policy to some groups
$groups = Get-Groups # Filter this list of groups as you'd like
$groups | ForEach-Object {
    Invoke-DeviceAppManagement_IosManagedAppProtections_Assign -iosManagedAppProtectionId $policy.id -assignments @(
        New-TargetedManagedAppPolicyAssignmentObject `
            -target (New-DeviceAndAppManagementAssignmentTargetObject -groupAssignmentTarget -groupId $_.id)
    )
}

Regarding Conditional Access and Android Enterprise, I will have to investigate which APIs to use. Could you please open separate issues for each of those so we can keep the discussion on topic?

Let me know if you were able to get everything working with iosAppProtectionPolicies, and I can go ahead and close this issue.

Kind regards,
Rohit
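
A read-back check for a policy created with the script above, added here as an example; it is not part of the Intune PowerShell SDK or of the reply above. `Test-AppProtectionPolicy`, the `$expected` table and the sample policy object are hypothetical and constructed so the block runs offline; the two tenant calls in the comments use only cmdlets already shown in this thread.

```powershell
# Added example (hypothetical helper, not an SDK cmdlet): compare a policy that was
# read back from the service with the settings you meant to configure, and flag a
# policy that has no targeted apps or no group assignment.
function Test-AppProtectionPolicy {
    param(
        [Parameter(Mandatory)] $Policy,               # policy object, ideally fetched with -Expand assignments
        [Parameter(Mandatory)] [hashtable] $Expected, # setting name -> intended value
        [object[]] $TargetedApps = @()                # apps the policy is currently targeted to
    )

    # Normalise scalars and arrays to one comparable string (order-insensitive for arrays).
    $normalise = { param($value) (@($value) | Sort-Object) -join ',' }

    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $want = & $normalise ($Expected[$name])
        $have = & $normalise ($Policy.$name)
        if ($want -ne $have) {
            [pscustomobject]@{ Setting = $name; Expected = $want; Actual = $have }
        }
    }

    # A policy with no assignment or no targeted app is stored but applies to nobody.
    if (@($Policy.assignments | Where-Object { $_ }).Count -eq 0) {
        [pscustomobject]@{ Setting = 'assignments'; Expected = 'at least one group'; Actual = 'none' }
    }
    if (@($TargetedApps | Where-Object { $_ }).Count -eq 0) {
        [pscustomobject]@{ Setting = 'apps'; Expected = 'at least one targeted app'; Actual = 'none' }
    }
}

# Intended settings, taken from the parameters used in the script above.
$expected = @{
    pinRequired                        = $true
    minimumPinLength                   = 4
    dataBackupBlocked                  = $true
    saveAsBlocked                      = $true
    printBlocked                       = $true
    allowedInboundDataTransferSources  = 'managedApps'
    allowedDataStorageLocations        = @('oneDriveForBusiness', 'sharePoint')
}

# Constructed sample standing in for a policy read back from a tenant.
# Two settings differ from $expected and nothing is assigned yet.
$samplePolicy = [pscustomobject]@{
    id                                 = 'T_00000000-0000-0000-0000-000000000000' # placeholder ID
    displayName                        = 'iOS MAM / APP Policy'
    pinRequired                        = $true
    minimumPinLength                   = 4
    dataBackupBlocked                  = $false
    saveAsBlocked                      = $true
    printBlocked                       = $true
    allowedInboundDataTransferSources  = 'allApps'
    allowedDataStorageLocations        = @('sharePoint', 'oneDriveForBusiness')
    assignments                        = @()
}

# Against a tenant, the inputs would come from cmdlets shown in this thread:
#   $policy = Get-DeviceAppManagement_IosManagedAppProtections -iosManagedAppProtectionId '<policy ID goes here>' -Expand assignments
#   $apps   = Get-DeviceAppManagement_IosManagedAppProtections_Apps -iosManagedAppProtectionId '<policy ID goes here>'
$findings = Test-AppProtectionPolicy -Policy $samplePolicy -Expected $expected -TargetedApps @()
$findings | Format-Table -AutoSize
```

An empty result means the stored policy matches the intended settings and has both targeted apps and at least one assignment.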

@dballardmaung
Author

Hi @rohitramu

Thank you for your help. I am able to create a whole script that will do what I want to do. I will open a new issue for CA and Android Enterprise.

@rohitramu
Contributor

Thanks Danny!
