* The end-user requires an Azure Active Directory (Azure AD) account.
* A Microsoft Intune license must be assigned to the end user's Azure Active Directory account.
* An app protection strategy must target a security group for the end-user. The same app protection policy must be applied to every app. In the Microsoft Endpoint Manager admin center, you can create and deploy app protection policies. The Microsoft 365 admin center now allows users to form security groups.
* The end-user must sign into the app using their Azure AD account.
