Microsoft Endpoint Manager: Enhancing Modern Application Management – Part 6 – MAM Structure & Non-Windows Applications

Introduction

We are now entering the final part of the series to conclude the Enhancing Modern Application Management series.

In this part we will go through how things may differ from handling and structuring applications for other devices such as;

• MacOS Devices
• iOS Devices
• Android Devices

Essentially the principles would be the same as they would be for windows devices, but there are other foundational areas to take into consideration when preparing for application management across those devices.

Another area in which we will touch on will be MAM policies, as this will also add that additional icing on the cake for completing of enhancing our application management lifecycle.

Is there anything different to apply for non windows devices for application management

Not really. Reason being is because the previous parts go into a lot of the foundation and principles on how you would look after your application suite in Endpoint Manager.

Having said this, there is the aspect around handling BYOD devices, but these would also include windows devices as well but the popularity from what I’ve experienced for mobile device application management has mostly been around Android and iOS devices.

And this is where MAM policies really come into play here which we will cover in the next section.

MacOS Defender Endpoint Consideration

For MacOS devices, this might fall perhaps within the security side but it does play a part in a small foundation coverage of application management due to Defender Endpoint being an application that can be created from the portal and having the correct policies in place to ensure that it is installed correctly for efficient endpoint security coverage.

For more details on how to configure this for MacOS devices you can view the official Microsoft documentation here

BYOD Devices

Now we look at how we group our devices which are specifically for BYOD.

One of the first things I would recommend (though may happen by default) is to ensure that the devices are defined by Personal & Corporate. The reason being is because you don’t want to have a situation in where you target any kind of policies (especially MAM policies) where they can cause great issues on devices which are corporate as opposed to personal devices which allow for certain applications and certain access to take place.

It is indeed quite a basic function, but getting this right really does make all the difference for your overall modern management experience. These settings can be automatically defined depending on how they are enrolled in your endpoint manager. All of the device types contain enrolment profiles in which you can define how personal and corporate devices can be enrolled.

Of course to do this manually you just need to perform the following;

1. Go to Devices
2. Select the Device Platform you require then select the device
3. Click Properties

Here you can define the ownership and category settings

In this position, you should be able to safely start to create MAM policies whether that be around App Configuration or App Protection policies which can then be structured around the correct types of devices.

Conclusion of the series

Overall the series may define a structure that seems a lot of work or complicated, but it really just stresses over the core basics and principles. The most important part of the overall user experience is really to address the basics and ensure that the Endpoint Manager portal is healthy. With everything clearly defined and in-place will then allow you to enrich and enhance the overall application management lifecycle.