diff --git a/sysbuild/CMakeLists.txt b/sysbuild/CMakeLists.txt
index 0f64bf771f3f..3e3a41f6faf4 100644
--- a/sysbuild/CMakeLists.txt
+++ b/sysbuild/CMakeLists.txt
@@ -563,27 +563,43 @@ function(${SYSBUILD_CURRENT_MODULE_NAME}_pre_cmake)
 include_sdp()
 endif()
- foreach(config APPROTECT_USE_UICR APPROTECT_LOCK APPROTECT_USER_HANDLING
- SECURE_APPROTECT_USE_UICR SECURE_APPROTECT_USER_HANDLING SECURE_APPROTECT_LOCK)
- if(SB_CONFIG_${config})
- if(SB_CONFIG_BOOTLOADER_MCUBOOT)
- set_config_bool(mcuboot CONFIG_NRF_${config} y)
- endif()
- if(SB_CONFIG_SECURE_BOOT_APPCORE)
- set_config_bool(b0 CONFIG_NRF_${config} y)
- endif()
- set_config_bool(${DEFAULT_IMAGE} CONFIG_NRF_${config} y)
+ if(SB_CONFIG_APPROTECT_USE_UICR OR SB_CONFIG_APPROTECT_LOCK OR SB_CONFIG_APPROTECT_USER_HANDLING OR
+ SB_CONFIG_SECURE_APPROTECT_USE_UICR OR SB_CONFIG_SECURE_APPROTECT_LOCK OR SB_CONFIG_SECURE_APPROTECT_USER_HANDLING)
+ # Apply APPROTECT configuration to target images
+ if(SB_CONFIG_APPROTECT_USE_UICR)
+ set(normal_approtect CONFIG_NRF_APPROTECT_USE_UICR)
+ elseif(SB_CONFIG_APPROTECT_LOCK)
+ set(normal_approtect CONFIG_NRF_APPROTECT_LOCK)
+ elseif(SB_CONFIG_APPROTECT_USER_HANDLING)
+ set(normal_approtect CONFIG_NRF_APPROTECT_USER_HANDLING)
 endif()
- endforeach()
- if(SB_CONFIG_SUPPORT_NETCORE AND NOT SB_CONFIG_NETCORE_NONE)
- foreach(config APPROTECT_USE_UICR APPROTECT_LOCK APPROTECT_USER_HANDLING)
- if(SB_CONFIG_${config})
- if(SB_CONFIG_SECURE_BOOT_NETCORE)
- set_config_bool(b0n CONFIG_NRF_${config} y)
- endif()
- set_config_bool(${SB_CONFIG_NETCORE_IMAGE_NAME} CONFIG_NRF_${config} y)
+
+ if(SB_CONFIG_SECURE_APPROTECT_USE_UICR)
+ set(secure_approtect CONFIG_NRF_SECURE_APPROTECT_USE_UICR)
+ elseif(SB_CONFIG_SECURE_APPROTECT_LOCK)
+ set(secure_approtect CONFIG_NRF_SECURE_APPROTECT_LOCK)
+ elseif(SB_CONFIG_SECURE_APPROTECT_USER_HANDLING)
+ set(secure_approtect CONFIG_NRF_SECURE_APPROTECT_USER_HANDLING)
+ endif()
+
+ if(SB_CONFIG_SUPPORT_NETCORE AND NOT SB_CONFIG_NETCORE_NONE)
+ get_property(network_images GLOBAL PROPERTY PM_${SB_CONFIG_NETCORE_IMAGE_DOMAIN}_IMAGES)
+ endif()
+
+ foreach(image ${IMAGES})
+ if(secure_approtect AND SB_CONFIG_SUPPORT_NETCORE AND NOT SB_CONFIG_NETCORE_NONE AND ${image} IN_LIST network_images)
+ # Network core image
+ set_config_bool(${image} ${normal_approtect} y)
+ elseif(normal_approtect)
+ # Application (or other) core image
+ set_config_bool(${image} ${normal_approtect} y)
+ set_config_bool(${image} ${secure_approtect} y)
 endif()
 endforeach()
+
+ set(normal_approtect)
+ set(secure_approtect)
+ set(network_images)
 endif()
 endfunction(${SYSBUILD_CURRENT_MODULE_NAME}_pre_cmake)
diff --git a/sysbuild/Kconfig.approtect b/sysbuild/Kconfig.approtect
index 6c1aa2da26c4..456e15d3e6d7 100644
--- a/sysbuild/Kconfig.approtect
+++ b/sysbuild/Kconfig.approtect
@@ -4,8 +4,7 @@ choice APPROTECT_HANDLING
 prompt "APPROTECT handling"
- depends on SOC_SERIES_NRF52X || SOC_SERIES_NRF53X || \
- SOC_SERIES_NRF91X
+ depends on SOC_SERIES_NRF52X || SOC_SERIES_NRF53X || SOC_SERIES_NRF91X
 default APPROTECT_NO_SYSBUILD
 help
 Specifies how the SystemInit() function of all the images should
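Review bot: In the `foreach(image ${IMAGES})` loop added to sysbuild/CMakeLists.txt, each branch is guarded by the wrong variable: the network-core branch tests `secure_approtect` but writes `${normal_approtect}`, and the `elseif(normal_approtect)` branch writes `${secure_approtect}` without testing it. With the `APPROTECT_HANDLING` choice left at its visible default `APPROTECT_NO_SYSBUILD` and only a `SECURE_APPROTECT_*` option selected, no application-core image receives the secure setting, so the debug-port protection is dropped without any diagnostic; with only an `APPROTECT_*` option selected, `set_config_bool` is called with an empty symbol name. Guarding each call on its own variable, as in the excerpt below, restores the independence the removed per-option loops had; `network_images` is assigned in this block only when a network core is configured, so the `IN_LIST` test is false otherwise. The enclosing function starts above the hunk.

```cmake
    foreach(image ${IMAGES})
      # Write each symbol only when its own option group selected one.
      if(normal_approtect)
        set_config_bool(${image} ${normal_approtect} y)
      endif()
      # Secure APPROTECT is not applied to network-core images.
      if(secure_approtect AND NOT "${image}" IN_LIST network_images)
        set_config_bool(${image} ${secure_approtect} y)
      endif()
    endforeach()
    # … unchanged: clearing normal_approtect, secure_approtect, network_images …
```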