Microsoft Intune Mobile Application Management (MAM)

Microsoft Intune Mobile Application Management (MAM) is the part of Microsoft Intune that secures and manages corporate data inside mobile apps rather than the device itself. It lets an organization protect corporate data on both managed (MDM-enrolled) and unmanaged, personally owned devices without taking control of the whole device; this is often called MAM without enrollment (MAM-WE). The controls are enforced inside apps that integrate the Intune App SDK, which includes the Microsoft 365 mobile apps and third-party apps that have been wrapped with the Intune App Wrapping Tool. In this explanation for IT beginners, we’ll explore the functions, workflows, and usage examples of Microsoft Intune MAM.

Functions of Microsoft Intune MAM:

  1. App Protection Policies: MAM lets organizations create and enforce app protection policies (APP) that protect corporate data within mobile apps. A policy can require an app-level PIN or biometric, encrypt the app’s data, and apply data loss prevention (DLP) settings such as restricting cut/copy/paste, “Save As”, and “Open in” to other policy-managed apps, and blocking backup of work data.
  2. App Deployment: IT administrators can make corporate apps available to users and then target them with app protection policies. On MDM-enrolled devices the apps can be installed from the Intune Company Portal; on unenrolled personal devices the user installs the app from the public App Store or Google Play, and the policy is applied once they sign in with their work account.
  3. Data Containerization: Corporate data is isolated inside each policy-managed app. The Intune App SDK separates data belonging to the work (organizational) account from personal accounts in the same app, so corporate data can only move between approved apps and does not mix with personal data. This is app-level isolation, not a separate device-level container.
  4. Conditional Access: App protection policies integrate with Microsoft Entra (Azure AD) Conditional Access through the “Require app protection policy” grant control. Access to corporate resources is then only granted from an app that has actually received the policy; for MAM-WE the device itself is not enrolled, so the check is on the app, optionally combined with a compliant-device requirement for enrolled devices.
  5. Remote Actions: IT administrators can perform a selective wipe that removes only the work account’s data from managed apps, leaving personal data and device settings untouched. A policy can also wipe work data automatically after the app has been offline for longer than a configured period. This is particularly useful when a device is lost or stolen, or when an employee leaves.

Workflows in Microsoft Intune MAM:

Step 1: Configuration of App Protection Policies:

  1. IT administrators create app protection policies in the Intune admin center (or through the Microsoft Graph API). These policies define the security requirements for mobile apps, such as data encryption, PIN requirements, data-transfer restrictions, and conditional launch checks (minimum OS version, jailbroken/rooted device, offline grace period).

Step 2: App Deployment:

  1. Corporate apps are made available to users and the policy is targeted at specific apps and assigned to user groups. On enrolled devices users can install the apps from the Intune Company Portal; on unenrolled personal devices they install them from the public app store.

Step 3: User Sign-in (Device Enrollment Not Required):

  1. The user opens the app and signs in with their work or school account. App protection policies follow the user account, so the device does not have to be enrolled in Intune. On Android the Intune Company Portal app must be installed because it acts as the broker that delivers the policy, but the device is not enrolled; on iOS the Microsoft Authenticator app serves as the broker when Conditional Access is used. Full device enrollment is only needed if the organization also wants MDM controls over the device.

Step 4: Policy Enforcement:

  1. Once the user has signed into a targeted app with a work account, the app retrieves its app protection policy and enforces it. For example, if the policy requires a PIN for app access, the user is prompted to set one; if a conditional launch check fails (for example, the device is jailbroken or below the minimum OS version), the app blocks access or wipes its work data, as configured.

Step 5: Data Containerization:

  1. Corporate data within managed apps is kept separate from personal data on the device, ensuring that corporate data is secure and protected.

Step 6: Conditional Access Integration:

  1. MAM policies can be integrated with Conditional Access policies in Azure AD (now Microsoft Entra ID). With the “Require app protection policy” grant control, IT can ensure that corporate resources are only reachable from apps that have received the policy, optionally combined with device compliance for enrolled devices.
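The six steps above, carried out through the Microsoft Graph API, as an added example that is not part of the original article or Microsoft’s own tooling: it builds an iOS app protection policy body with the PIN, encryption, data-transfer and conditional-launch settings described in the functions list, audits it against a small baseline so a weak policy is never published, targets it at an app, assigns it to a group, and creates the matching Conditional Access policy with the “Require app protection policy” (compliantApplication) grant control. The Graph paths and property names follow the deviceAppManagement and conditionalAccess reference; the group GUID and the pilot-group name are constructed sample values, and the bearer token is assumed to come from an app registration with DeviceManagementApps.ReadWrite.All and Policy.ReadWrite.ConditionalAccess.

```python
"""Build, audit and publish an Intune iOS app protection policy plus the
Conditional Access policy that enforces it, through Microsoft Graph.
Added example for this article, not Microsoft's code. Graph paths and
property names follow the deviceAppManagement / conditionalAccess
reference; the GUID below is a constructed sample value."""
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
PILOT_GROUP_ID = "00000000-0000-0000-0000-000000000001"   # constructed sample
OUTLOOK_IOS_BUNDLE = "com.microsoft.office.outlook"        # Outlook for iOS


def build_ios_app_protection_policy(name="MAM baseline - iOS"):
    """App protection policy body: PIN, encryption, DLP and conditional launch."""
    return {
        "@odata.type": "#microsoft.graph.iosManagedAppProtection",
        "displayName": name,
        # Access requirements
        "pinRequired": True,
        "minimumPinLength": 6,
        "pinCharacterSet": "numeric",
        "simplePinBlocked": True,
        "maximumPinRetries": 5,
        "periodOnlineBeforeAccessCheck": "PT30M",
        "periodOfflineBeforeAccessCheck": "PT12H",
        # Data protection: keep work data inside policy-managed apps
        "appDataEncryptionType": "whenDeviceLocked",
        "allowedOutboundDataTransferDestinations": "managedApps",
        "allowedInboundDataTransferSources": "managedApps",
        "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
        "saveAsBlocked": True,
        "dataBackupBlocked": True,
        "managedBrowserToOpenLinksRequired": True,
        "managedBrowser": "microsoftEdge",
        # Conditional launch: jailbreak/OS checks and offline wipe
        "deviceComplianceRequired": True,
        "minimumRequiredOsVersion": "16.0",
        "periodOfflineBeforeWipeIsEnforced": "P90D",
    }


def audit_app_protection_policy(policy):
    """Return baseline violations; an empty list means the policy passes."""
    findings = []
    if not policy.get("pinRequired"):
        findings.append("pinRequired is false: work data is unprotected in the app")
    elif policy.get("minimumPinLength", 0) < 6:
        findings.append("minimumPinLength below 6")
    if policy.get("allowedOutboundDataTransferDestinations") == "allApps":
        findings.append("outbound data transfer allowed to any app (no DLP boundary)")
    if policy.get("allowedOutboundClipboardSharingLevel") == "allApps":
        findings.append("clipboard can be pasted into unmanaged apps")
    if not policy.get("saveAsBlocked"):
        findings.append("Save As to personal locations is allowed")
    if not policy.get("dataBackupBlocked"):
        findings.append("work data may be included in device backups")
    if not policy.get("deviceComplianceRequired"):
        findings.append("jailbroken/rooted devices are not blocked")
    return findings


def build_conditional_access_policy(name, group_id):
    """Entra Conditional Access: Office 365 from mobile clients is only granted
    through an app that received an app protection policy (compliantApplication)."""
    return {
        "displayName": name,
        "state": "enabledForReportingButNotEnforced",   # start in report-only mode
        "conditions": {
            "clientAppTypes": ["mobileAppsAndDesktopClients"],
            "platforms": {"includePlatforms": ["iOS", "android"]},
            "applications": {"includeApplications": ["Office365"]},
            "users": {"includeGroups": [group_id]},
        },
        "grantControls": {"operator": "OR",
                          "builtInControls": ["compliantApplication"]},
    }


def graph_post(token, path, body):
    """POST a JSON body to Graph; actions such as assign return 204 No Content."""
    req = urllib.request.Request(
        GRAPH + path, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp) if resp.status != 204 else {}


def publish(token, policy, ca_policy, group_id, bundle_id):
    """Create the APP policy, target an app, assign a group, create the CA policy.
    Refuses to publish a policy that fails the baseline audit."""
    problems = audit_app_protection_policy(policy)
    if problems:
        raise ValueError("policy fails baseline: " + "; ".join(problems))
    base = "/deviceAppManagement/iosManagedAppProtections"
    policy_id = graph_post(token, base, policy)["id"]
    graph_post(token, f"{base}/{policy_id}/targetApps", {"apps": [{
        "mobileAppIdentifier": {
            "@odata.type": "#microsoft.graph.iosMobileAppIdentifier",
            "bundleId": bundle_id}}]})
    graph_post(token, f"{base}/{policy_id}/assign", {"assignments": [{
        "target": {"@odata.type": "#microsoft.graph.groupAssignmentTarget",
                   "groupId": group_id}}]})
    graph_post(token, "/identity/conditionalAccess/policies", ca_policy)
    return policy_id


if __name__ == "__main__":
    p = build_ios_app_protection_policy()
    print(json.dumps(p, indent=2))
    print("audit:", audit_app_protection_policy(p) or "pass")
```

The Conditional Access policy is created in report-only mode on purpose: the sign-in logs will show which users would have been blocked (typically those still using an unmanaged mail client) before the policy is switched to enabled. Android needs the same policy built as an androidManagedAppProtection with a packageId-based androidMobileAppIdentifier; the audit and assignment logic is the same.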

Usage Examples:

  1. Email Protection: An organization targets Outlook with an app protection policy that requires a PIN and blocks copying mail content into unmanaged apps. Even on a personal device, corporate email stays protected, while a personal mailbox added to the same app is left untouched.
  2. Document Sharing: Users can securely access and edit corporate documents within a managed document editing app such as Word or OneDrive. If a conditional launch check fails, for example a jailbroken device or an OS version below the minimum, the app blocks access or wipes its work data.
  3. Lost Device Protection: If an employee’s device is lost or stolen, IT issues a selective wipe that removes corporate data from the managed apps without affecting personal data. Sensitive corporate information therefore stays confidential even though IT never controlled the device.
  4. Conditional Access: Only apps that have received an app protection policy (and, where required, compliant devices) are granted access to corporate resources such as SharePoint or OneDrive for Business. Sign-ins from unmanaged apps, for instance the built-in mail client on an unenrolled phone, are denied.

Microsoft Intune MAM provides organizations with a powerful set of tools for securing corporate data on mobile devices while respecting users’ privacy and personal data. It enables organizations to strike a balance between security and user flexibility, making it a valuable solution for managing mobile app security.

Author: tonyhughes