Ability to add apps to the list "require approved client app"
The "require approved client apps" feature in conditional access is a very good security feature, but sometimes a 3rd-party app must be supported, e.g., a room booking system for mobile devices. If the feature "require approved client apps" is enabled, there is no way to support a 3rd-party app. Please make it possible to add apps (tenant wide) to the "require approved client apps" list.
Rahul Chintala commented
We badly need this feature as we have an Azure AD conditional access policy where we restrict Office 365 data access to approved apps only and want to except a line of business app (relies on public/native application) which accesses Office Graph API and it's blocked by the above Conditional access, as it's not an Approved client App. We cannot even exclude this LOB App from CA policy as it's a client (public/native) application.
It would be nice to have the Microsoft 365 Admin app added as well, since it is not already in the list of public apps.
This is a must. A multitude of office-related applications, i.e. enterprise travel applications, 3rd party video conferencing, smart meeting rooms etc., need to be approved to allow them access to the user's mailbox so that they have a better user experience.
Matt Cooper commented
Is this request to support Apps written with the Intune SDK in-house or 3rd party vendor Apps?
I cannot agree with this idea more. If the company loads the app in the "Apps" section of Intune and allows installation from company portal, I think there should be an option to mark that app as an "approved client app" and be included in the conditional access group authorization.
Matthew Fuller commented
I am unsure why the "approved client apps" list needs to be any different from the "Microsoft Intune protected apps" list that can be found here:
The documentation for the "approved client apps" feature says that these approved apps are ones that "support the Intune mobile application management feature", which as far as I can tell is true of all the apps listed at the link above. We would like to use third-party Intune-protected apps but also need to use the "Require approved client app" conditional access policy, which is currently impossible. It would be good if these two app lists could be aligned (as an interim step until adding apps to the list ourselves per Erik's suggestion is possible).
Andreas Oet Olofsson commented
Agree, the world consists of more good applications than those that are developed by Microsoft.
khodor barakat commented
I agree with Erik, we should have the ability, otherwise the conditional access would be useless in this case