Office 365 App Protection overview

Office 365 App Protection provides important Data Loss Prevention (DLP) for Office 365 apps, such as Microsoft Word, Excel, PowerPoint, and so on. It allows administrators to manage policies and configurations that secure data in Office 365 apps on iOS devices.

Some Graph APIs can be in beta. Use this feature accordingly.

You can manage Office 365 apps by:

  • Enforcing PIN for Office 365 apps
  • Disabling contacts to sync from Office 365 apps
  • Preventing users from printing from Office 365 apps
  • Preventing outbound data sharing from Office 365 apps

Prerequisites for using Office 365 App Protection

Before you can use Office 365 App Protection, you must have:

  • A valid Ivanti EPMM license.
  • A valid Intune subscription or a Microsoft EMS subscription that includes Intune.
  • A valid Office Enterprise or Business subscription with access to Office 365 apps on a mobile device.
  • One or more Office 365 apps.
  • Synced your Active Directory users to your Azure Active Directory.
  • One Drive for Business installed on devices to protect data on Word, Excel, and PowerPoint.
  • Intune Company Portal app installed on Android devices.
  • Device users are not required to sign in, but this app must be installed on the device to protect data on device.

Office 365 App Protection window

Before you register Ivanti EPMM as an Azure app, only the Services > Microsoft Graph > Settings tab is enabled. Once you register Ivanti EPMM as an Azure app, all the tabs are enabled.

Access the Office 365 App Protection window by logging into the Admin Portal and going to Services > Microsoft Graph. This window includes the following options:

  • Policies: Use this tab to add and manage Office 365 DLP policies. You can perform the following actions on each policy:
    • Assign one or more User groups to the policy.
    • Assign apps to the policy.
    • Delete the policy.

See Adding Office 365 App Protection policies for details on how to add a Office 365 App Protection policy.

  • Configurations: Use this tab to add and manage Office 365 DLP configurations. You can perform the following actions on each policy:
    • Assign one or more User groups to the configuration.
    • Assign apps to the configuration.
    • Delete the configuration.

See Office 365 App Protection configurations for details on how to add a Office 365 App Protection configuration.

  • User Groups: Use this tab to search for and view user groups available to add to a policy or configuration.
  • Reports: Use this tab to view and download user and app reports and manage wipe requests. These reports are populated with data that comes from Azure Active Directory during real-time syncs.
  • Settings: Use this tab to register Ivanti EPMM as an Office 365 app. These reports are populated with data that comes from Azure Active Directory during real-time syncs.