public interface

AppPolicy

com.microsoft.intune.mam.policy.AppPolicy

Class Overview

Information about the admin-configured policy for this app. Use MAMPolicyManager to obtain this policy.

Summary

Public Methods
abstract boolean areIntentActivitiesAllowed(Intent intent)
Checks whether any activities which could handle the given intent are allowed by policy.
abstract boolean diagnosticHasOpenRestriction()
Test whether there are any OpenLocation restrictions.
abstract boolean diagnosticHasSaveRestriction()
Test whether there are any SaveLocation restrictions.
abstract boolean diagnosticIsFileEncryptionInUse()
This method is intended for diagnostic/telemetry purposes only.
abstract boolean getIsContactSyncAllowed()
Check if policy allows Contact sync to local contact list.
abstract boolean getIsManagedBrowserRequired()
Whether the Intune Managed Browser is required to open web links.
abstract boolean getIsOpenFromContentUriAllowed(Uri location)
Check if policy prohibits opening from a content provider location.
abstract boolean getIsOpenFromLocalStorageAllowed(File file)
Determines if the provided File in local storage can be opened.
abstract boolean getIsOpenFromLocationAllowed(OpenLocation location, String username)
This method is deprecated. Use getIsOpenFromLocationAllowedForOID(OpenLocation, String).
abstract boolean getIsOpenFromLocationAllowedForOID(OpenLocation location, String oid)
Determines if data from the OpenLocation can be opened for the account associated with the data.
abstract boolean getIsPinRequired()
Whether the SDK PIN prompt is enabled for the app.
abstract boolean getIsSaveToLocationAllowed(Uri location)
Check if policy prohibits saving to a content provider location.
abstract boolean getIsSaveToLocationAllowed(SaveLocation service, String username)
This method is deprecated. Use getIsSaveToLocationAllowedForOID(SaveLocation, String).
abstract boolean getIsSaveToLocationAllowedForOID(SaveLocation service, String oid)
Determines if the SaveLocation passed in can be saved to by the account associated with the cloud service.
abstract boolean getIsSaveToPersonalAllowed()
Restrict where an app can save personal data.
abstract boolean getIsScreenCaptureAllowed()
Check if policy allows taking screenshots.
abstract NotificationRestriction getNotificationRestriction()
Get the notification restriction.
abstract String toString()
Return the policy in string format to the app.

Public Methods

public abstract boolean areIntentActivitiesAllowed (Intent intent)

Checks whether any activities which could handle the given intent are allowed by policy. Returns false only if all activities which could otherwise handle the intent are blocked. If there are no activities which could handle the intent regardless of policy, returns true. If some activities are allowed and others blocked, returns true. Note that it is not necessary to use this method for policy enforcement. If your app attempts to launch an intent for which there are no allowed activities, MAM will display a dialog explaining the situation to the user.

Parameters
intent intent to check
Returns
  • whether any activities which could handle this intent are allowed.

public abstract boolean diagnosticHasOpenRestriction ()

Test whether there are any OpenLocation restrictions. This may be used for diagnostic purposes or UX purposes, for example when deciding to show text warning users that policy may restrict their actions. When a specific open action is being performed, your app must call getIsOpenFromLocationAllowed to test it -- do not use this method for policy enforcement decisions. For example, if this AppPolicy object represents policy for an unmanaged user, this method will return false, but getIsOpenFromLocationAllowed(OpenLocation.SHAREPOINT, managedUserUpn) could still return false (disallowed).

Returns
  • whether any OpenLocation restrictions exist

public abstract boolean diagnosticHasSaveRestriction ()

Test whether there are any SaveLocation restrictions. This may be used for diagnostic purposes or UX purposes, for example when deciding to show text warning users that policy may restrict their actions. When a specific open action is being performed, your app must call getIsSaveToLocationAllowed to test it -- do not use this method for policy enforcement decisions. For example, if this AppPolicy object represents policy for an unmanaged user, this method will return false, but getIsSaveToLocationAllowed(SaveLocation.SHAREPOINT, managedUserUpn) could still return false (disallowed). See also

Returns
  • whether any SaveLocation restrictions exist
See Also
  • diagnosticHasOpenRestriction

public abstract boolean diagnosticIsFileEncryptionInUse ()

This method is intended for diagnostic/telemetry purposes only. It can be used to discover whether file encryption is in use. File encryption is transparent to the app and the app should not need to make any business logic decisions based on this.

Returns
  • True if file encryption is in use.

public abstract boolean getIsContactSyncAllowed ()

Check if policy allows Contact sync to local contact list.

Returns
  • True if Contact sync is allowed to save to local contact list; false otherwise.

public abstract boolean getIsManagedBrowserRequired ()

Whether the Intune Managed Browser is required to open web links.

Returns
  • True if the Managed Browser is required, false otherwise

public abstract boolean getIsOpenFromContentUriAllowed (Uri location)

Check if policy prohibits opening from a content provider location.

Parameters
location a content URI to check
Returns
  • True if location is not a content URI or if policy does not prohibit opening from the content location.

public abstract boolean getIsOpenFromLocalStorageAllowed (File file)

Determines if the provided File in local storage can be opened.

Parameters
file the file being opened.
Returns
  • true if the data can be opened from the location for the current identity, false if otherwise.

public abstract boolean getIsOpenFromLocationAllowed (OpenLocation location, String username)

This method is deprecated.
Use getIsOpenFromLocationAllowedForOID(OpenLocation, String).

Determines if data from the OpenLocation can be opened for the username associated with the data.

Parameters
location see OpenLocation.
username the username/email associated with the location the data is being opened from. Use null if a mapping between the AAD username and the cloud service username does not exist or the username is not known.
Returns
  • true if the data can be opened from the location for the identity, false if otherwise.

public abstract boolean getIsOpenFromLocationAllowedForOID (OpenLocation location, String oid)

Determines if data from the OpenLocation can be opened for the account associated with the data.

Parameters
location see OpenLocation.
oid the AAD User Id of the account associated with the location the data is being opened from. Use null if a mapping between the AAD account and the cloud service account does not exist or the account is not known.
Returns
  • true if the data can be opened from the location for the identity, false if otherwise.

public abstract boolean getIsPinRequired ()

Whether the SDK PIN prompt is enabled for the app.

Returns
  • True if the PIN is enabled. False otherwise.

public abstract boolean getIsSaveToLocationAllowed (Uri location)

Check if policy prohibits saving to a content provider location.

Parameters
location a content URI to check
Returns
  • True if location is not a content URI or if policy does not prohibit saving to the content location.

public abstract boolean getIsSaveToLocationAllowed (SaveLocation service, String username)

This method is deprecated.
Use getIsSaveToLocationAllowedForOID(SaveLocation, String).

Determines if the SaveLocation passed in can be saved to by the username associated with the cloud service.

Parameters
service see SaveLocation.
username the username/email associated with the cloud service being saved to. Use null if a mapping between the AAD username and the cloud service username does not exist or the username is not known.
Returns
  • true if the location can be saved to by the identity, false if otherwise.

public abstract boolean getIsSaveToLocationAllowedForOID (SaveLocation service, String oid)

Determines if the SaveLocation passed in can be saved to by the account associated with the cloud service.

Parameters
service see SaveLocation.
oid the AAD User Id of the account for the cloud service being saved to. Use null if a mapping between the AAD account and the cloud service account does not exist or the account is not known.
Returns
  • true if the location can be saved to by the identity, false if otherwise.

public abstract boolean getIsSaveToPersonalAllowed ()

Restrict where an app can save personal data. This function is now deprecated. Please use getIsSaveToLocationAllowed(SaveLocation, String) instead

Returns
  • True if the app is allowed to save to personal data stores; false otherwise.

public abstract boolean getIsScreenCaptureAllowed ()

Check if policy allows taking screenshots.

Returns
  • True if screenshots will be blocked, false otherwise

public abstract NotificationRestriction getNotificationRestriction ()

Get the notification restriction. If BLOCKED, the app must not show any notifications for the user associated with this policy. If BLOCK_ORG_DATA, the app must show a modified notification that does not contain organization data. If UNRESTRICTED, all notifications are allowed. Note that under certain policies this call may be slow -- it should be called on a background thread when showing notifications and not on the main thread.

Returns
  • The notification restriction.

public abstract String toString ()

Return the policy in string format to the app.

Returns
  • The string representing the policy.