MAM is the latest edition to BYOD management. MAM manages the company apps on a device, and not the device itself. I can use a MAM policy to protect my company’s email in the Outlook app, or prevent users from saving data to the device from the OneDrive app. If the user leaves the company, and delete the apps or data from their device without wiping their device. This is nice for users that use their personal devices for company business.
MAM and Intune
Intune can publish MAM policies. You must associate the policy with the app to make it work. MAM policies are under Policies > Configuration Policies. When you click “Add”, expand the “Software” section.
The default policy is pretty good, so go ahead and create one of them. You can go through the settings, but they’re fairly self-explanatory. The default settings will prevent company data from getting into backups, prevent cut/paste, prevent data transfer to and from other apps, and require a PIN. That’s a standard policy. You can modify it as needed.
Configuring an App
You must have an app in Intune to tie the MAM policy to. You can add App Store (iOS) and Play Store (Android) apps using the Intune Software Publisher. You can download that by going to the “Apps” section of the Intune management console, and clicking “Add”. If you already have the software publisher, it will launch on your computer. If you don’t, you’ll be prompted to install it.
Once launched, set “Software Setup” box to external link (if you’re publishing an iOS app, you can also select “Managed iOS App from the App Store”). This is where you paste the link to the app from one of the app stores. Intune will go out and get the app. Click next, and fill out the boxes for software description. After you finish the wizard, the app now shows up in your Intune console.
When you deploy the app, you will have the opportunity to add the MAM policy to the deployment. If the app is deployed to multiple groups, you can have different MAM policies for different groups.
Disclaimer
All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.
