Late last month, Julia White announced at Microsoft briefing on Microsoft Securing the Enterprise, a new feature in Intune that will allow for Mobile Application Management (MAM) capabilities without having to enroll it (or if it’s enrolled in another MDM solution). You’ll commonly hear Microsoft refer to it as MDM-less MAM.

NOTE: This even applies to devices already enrolled in AirWatch, MobileIron, XenMobile or Good, because we’re not loading on a device authority/profile for device management!

Brad Anderson discussed the announcement here and Dilip Radhakrishnan talked about it in more detail here.

The MAM policies allow IT to create policies to prevent data leakage from corporate documents/apps to non-corporate apps that aren’t managed with Intune. With Microsoft’s Mobile Office suite, this even means having one Office app that can have both corporate and personal e-mail accounts, and the apps understand the data source to apply the MAM policies.

Intune MAM

You can find these new policies in Preview in the Azure portal


You see a new Intune option in the portal


If you click on All Settings, you’ll see a few settings that aren’t available in the Intune portal!


Note the App Policy settings for creating a new iOS policy, which supports OneDrive, Excel, PowerPoint & Word


Note for Android today, there is only an option for OneDrive


Once you select the Apps you want to apply it to, you can configure the Policy settings.


One difference in here that doesn’t exist in the Intune portal MAM policies, is the ability to wipe data after you exceed an offline interval. By default that is 90 days.


Finally, once the policy has been created, you can go back and choose who these newly created MAM policies apply to


You can also issue Wipe Requests of the data as well. Note that that is WITHOUT enrollment!


Also, based on the new Azure RBAC models, you can also give these Intune MDM-less MAM settings custom RBAC roles depending on who and how you want to manage your policies.


Leave a Reply

Your email address will not be published. Required fields are marked *