Contextual App Protection for Workspace

Contextual App Protection provides the granular flexibility to apply the App Protection policies conditionally for a subset of users - based on users, their device, and the network posture.

Implementing contextual App Protection

You can implement contextual App Protection using the connection filters defined in the Broker Access policy rule. The Broker Access policies define the rules controlling a user’s access to delivery groups. The policy comprises a set of rules. Each rule relates to a single delivery group, and has a set of connection filters and access right controls.

Users gain access to a delivery group when their connection’s details match the connection filters of one or more rules in the Broker Access policy. Users don’t have access to any delivery group within a site by default. You can create more Broker Access policies based on requirements. Multiple rules can apply to the same delivery group. For more information, see New-BrokerAccessPolicyRule.

The following parameters in the Broker Access policy rule provide the flexibility to enable App Protection contextually if the user’s connection matches the connection filters defined in the access policy rule:

  • AppProtectionKeyLoggingRequired
  • AppProtectionScreenCaptureRequired

Use the Smart Access policies referenced in the Broker Access policy rules to further refine the connection filters. Refer to the scenarios explained in this article to understand how to use the Smart Access policies to set up contextual App Protection.

Contextual App Protection scenarios

Following are some of the scenarios about how you can enable Contextual App Protection:

Contextual App Protection for Workspace