Let’s discuss Enable Windows Apps Run in Background to Manage Privacy using Intune. Microsoft Intune provides let Apps Run In Background policy to controls whether Universal Windows Platform (UWP) apps can continue to perform tasks when they are not actively in the foreground.
Configuring this policy helps, organizations to manage primarily related to performance, security, and resource management. Some business-critical apps must run in the background to provide a seamless user experience.
You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.
For several reasons you can allow this policy in your organization. This policy is applicable for different real world scenarios. Examples include communication tools that need to receive notifications in real-time or security apps that must continuously monitor the system.
Table of Contents
Enable Windows Apps Run in Background to Manage Privacy using Intune
You can enable or disable Windows Apps Run In Background policy according to your organizations preferences. Each value is helpful organization. By restricting background app activity, the organization can minimize the risk of data leakage and reduce the attack surface.
- How Windows App Enhances File and Folder Access on Azure Virtual Desktop and Windows 365
- New Remote App Launcher in Windows App for Web Enhances AVD and Windows 365 Experience
- Click to Do Feature a Powerful Productivity Paradigm with AI Assistance across All your Windows Applications
Real Word Example – Corporate Office Environment
A large corporation with a Bring Your Own Device (BYOD) policy might set the default to “User is in control.” This gives employees the flexibility to configure their personal devices as they see fit. However, for company-owned devices, they might use a more restrictive policy.
They could use “Force Allow” for their corporate communication app (like Microsoft Teams) and a custom security monitoring app, while using “Force Deny” for other apps to maintain a balance between user experience and corporate security standards.
Sign in Microsoft Intune Portal for Policy Creation
This policy allows administrators to enforce a consistent and secure behavior across all devices, overriding the user’s personal settings. For start policy creation sign in to Microsoft Intune admin center. Then go to Devices > Configuration > +Create >+ New Policy.
Choosing Platform and Profile Type
Choosing Platform and Profile is the next step after selecting New policy. It is very necessary step to effectively configure the policy to appropriate platform. Here I would like to configure the policy to Windows 10 and later platform and settings catalog profile. Then click on the Create button.
Basic Tab for Naming Policy
Basic Tab is used to give an identity for the policy by adding name and description. Here Name is Mandatory and Description is optional. After adding these details click on the Next button.
Configure Windows Apps Run In Background
On this tab you can access +Add settings hyperlink to access specific settings. When you click on this hyperlink, you will get Settings Picker. Here, I would like to select the settings by browsing by Category. I choose Privacy. Then, I choose Let Apps Run In Background settings.
Select Specific Value
There are 3 values are available for this policy. If you disable or don’t configure this policy setting, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. The table below shows the values available for this policy.
| Values | Details |
|---|---|
| User in control (default). | If you choose the “User is in control” option, employees in your organization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. |
| Force allow | If you choose the “Force Allow” option, Windows apps are allowed to run in the background and employees in your organization can’t change it. |
| Force deny | If you choose the “Force Deny” option, Windows apps aren’t allowed to run in the background and employees in your organization can’t change it. |
Scope Tag for Let Apps Run In Background Policy
Scope Tags sections help you add restrictions to the visibility of the Policy. But it is not a mandatory step, so you can skip this step. Here, I don’t add scope tags for Windows Apps Run in Background Policy. Click on the Next button.
Assignment Tab for Selecting Group
To assign the policy to specific groups, you can use the Assignment Tab. Here I click, +Add groups option under Included groups. I choose a group from the list of groups and click on the Select button. Again, I click on the Select button to continue.
Review + Create Tab
Before completing the policy creation, you can review each tab to avoid misconfiguration or policy failure. After verifying all the details, click on the Create Button. After creating the policy, you will get a success message.
Monitoring Status
The Monitoring Status page shows whether the policy has succeeded or not. To quickly configure the policy and take advantage of the policy sync, the device on the Company Portal, Open the Intune Portal. Go to Devices > Configuration > Search for the Policy. Here, the policy shows as successful.
Client Side Verification through Event Viewer
It helps you check the client side and verify the policy status. Open the Client device and open the Event Viewer. Go to Start > Event Viewer. Navigate to Logs: In the left pane, go to Application and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin.
MDM PolicyManager: Set policy int, Policy: (LetAppsRunlnBackground), Area: (Privacy),
EnrollmentID requesting merge: (EB427D85-802F-46D9-A3E2-D5B414587F63), Current User:
(Device), Int: (0x1), Enrollment Type: (0x6), Scope: (0x0).
Removing the Assigned Group from Windows Apps Run In Background Settings
If you want to remove the Assigned group from the policy, it is possible from the Intune Portal. To do this, open the Policy on Intune Portal and edit the Assignments tab and the Remove Policy.
To get more detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
How to Delete Windows Apps Run In Background
You can easily delete the Policy from the Intune Portal. From the Configuration section, you can delete the policy. It will completely remove it from the client devices.
For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.
CSP Details
The CSP Details of Let Apps Run in Background shows more details. This policy saves time and ensures compliance with company policies without requiring physical access to the devices. This policy is applicable for Windows 10, version 1703 [10.0.15063] and later.
Description Framework Properties
The Description framework properties of Let Apps Run in Background policy shows Property name and property Value. The below table shows the Details.
| Property name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Group Policy Mapping
If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app. Refer below table.
| Name | Value |
|---|---|
| Name | LetAppsRunInBackground |
| Friendly Name | Let Windows apps run in the background |
| Element Name | Default for all apps. |
| Location | Computer Configuration |
| Path | Windows Components > App Privacy |
| Registry Key Name | Software\Policies\Microsoft\Windows\AppPrivacy |
| ADMX File Name | AppPrivacy.admx |
OMA URI Settings
You can create OMA URI Settings by Sign in Intune Portal. Devices > Configuration. Click on Create to start a new policy. Choose the platform as Windows 10 or later. For the Profile type, select Templates, then choose Custom. Provide a name for the policy, such as Enable Windows App Run in Background and add a description if needed.
- Click on + Add under OMA-URI Settings to configure the specific setting.
- To Configure the OMA-URI Setting Enter Name and Description
- Enter the following OMA-URI path:
- ./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsRunInBackground
- Enter the value
- 0 (Default) .
- 1 Force allow.
- 2 Force deny.
- After entering the above details, click the Save button.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.