Thank you for reaching out with your question regarding the differences between "require approved client app" and "require app protection policy." I understand your concerns about the transition and the potential issues with updates.
The "require approved client app" setting allows access for certain Microsoft apps. However, it does not ensure apps are protected and is only applicable to a limited set of Microsoft applications. This setting will be retired on March 31, 2026, so it's important to transition to the "require app protection policy" setting before that date to avoid any disruptions in service.
The "require app protection policy" setting is more flexible and provides a higher level of security by ensuring that the app adheres to the organization's data protection policies. This setting is designed to provide all the same capabilities as the "require approved client app" setting, plus additional security features. It ensures that the app cannot be used without an app protection policy in place, which helps manage customer interactions more effectively.
Regarding the issues with Edge updates, we understand that constant updates can cause disruptions. The recent changes by the Edge team, starting from the 125.2535.72 update, led to authentication issues that were resolved in the 126.2592.67 build. It's crucial to stay updated with the latest builds and work closely with support teams to address any issues promptly.
Our engineering team strongly recommends using the "require app protection policy" setting for all customers. This setting ensures that all apps previously supported by "Approved Client App" are now covered, providing a more comprehensive and secure solution.
If you have any further questions or need additional information, please feel free to reach out.
Best regards,
Santos Martinez
Product Manager Architect
Microsoft Intune
Customer Experience and Engineering
Microsoft
