Apps that you do not want used in your domain by any user should be Banned. The Revoke Banned Apps policy is enabled by default and continues the workflow of revoking apps once they are banned. (See Revoking an App for more information.)
Restricted—applications approved for some, but not all users in your domain.
Apps that may be appropriate for use by some users in the environment but not others can be restricted. For more information, see Restrict an App.
Apps classified as Trusted are appropriate for use by all users domain-wide in the environment. The Trusted Apps by Name policy automatically classifies apps as Trusted. You can also automatically or manually classify apps as Trusted in the Trusted Access Scopes policy.
Newly discovered apps are by default classified as Unclassified.
Classifying an app as Under Audit indicates that further research or review needs to be conducted before a final classification can be decided on.
Updated over 1 year ago