Create and Assign an App Policy

Before you begin

  • The device must have the SOTI MobiControl Agent installed.
    Note: Configure Android Enterprise devices as work managed.
  • For Android and iOS, Conditional Access requires Microsoft Authenticator to register the device with Microsoft.
  • For macOS, Conditional Access requires the Intune Company Portal app to register the device with Microsoft.
  • User members of both Conditional Access and an App Protection Policy within Azure require the Intune Company Portal app.
Note: Installing the Microsoft Authenticator and the Intune Company Portal app requires an app policy.

About this task

Create and assign an app policy to install Microsoft Authenticator (Android and iOS device registration) or Company Portal (macOS device registration) with Microsoft 365 apps.

Note: Company Portal is only available for download from Microsoft as a .pkg file at


  1. From the SOTI MobiControl main menu, select Policies > Apps. The App Policies view opens.
  2. Select New App Policy. The Create App Policy panel displays.
  3. Select the necessary platform. The Create App Policy window's General tab displays.
  4. On the General tab, in App Policy Name, enter a name for the policy.
  5. From the Apps tab, select Add. The Select Apps window displays.
  6. Choose Microsoft 365 apps and one of the following depending on your device type:
    • For iOS and Android, select Microsoft Authenticator.
    • For macOS, select Company Portal and upload the .pkg file. The Bundle Identifier is and the Version is 5.2203.0. Note that this version is subject to future updates by Microsoft.
    Note: The recommended installation option for Microsoft Authenticator and Company Portal is Mandatory.

What to do next

The next step in integrating Microsoft 365 with SOTI MobiControl is to create and assign a compliance policy.