Late last month, Julia White announced at Microsoft briefing on Microsoft Securing the Enterprise, a new feature in Intune that will allow for Mobile Application Management (MAM) capabilities without having to enroll it (or if it’s enrolled in another MDM solution). You’ll commonly hear Microsoft refer to it as MDM-less MAM.

NOTE: This even applies to devices already enrolled in AirWatch, MobileIron, XenMobile or Good, because we’re not loading on a device authority/profile for device management!

Brad Anderson discussed the announcement here and Dilip Radhakrishnan talked about it in more detail here.

The MAM policies allow IT to create policies to prevent data leakage from corporate documents/apps to non-corporate apps that aren’t managed with Intune. With Microsoft’s Mobile Office suite, this even means having one Office app that can have both corporate and personal e-mail accounts, and the apps understand the data source to apply the MAM policies.

Intune MAM

You can find these new policies in Preview in the Azure portal

Intune-AzurePortal

You see a new Intune option in the portal

Intune-AzureMAM1

If you click on All Settings, you’ll see a few settings that aren’t available in the Intune portal!

Intune-AzureMAM2

Note the App Policy settings for creating a new iOS policy, which supports OneDrive, Excel, PowerPoint & Word

Intune-AzureMAM3

Note for Android today, there is only an option for OneDrive

Intune-AzureMAM4

Once you select the Apps you want to apply it to, you can configure the Policy settings.

Intune-AzureMAM5

One difference in here that doesn’t exist in the Intune portal MAM policies, is the ability to wipe data after you exceed an offline interval. By default that is 90 days.

Intune-AzureMAM6

Finally, once the policy has been created, you can go back and choose who these newly created MAM policies apply to

Intune-AzureMAM9

You can also issue Wipe Requests of the data as well. Note that that is WITHOUT enrollment!

Intune-AzureMAM7

Also, based on the new Azure RBAC models, you can also give these Intune MDM-less MAM settings custom RBAC roles depending on who and how you want to manage your policies.

Intune-AzureMAM8

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>