Implement Mobile Application Management – Manage apps and data

Skill 4.2: Implement Mobile Application Management

Using Microsoft Intune, you can implement Mobile Application Management (MAM) to assign, configure, update, secure, and monitor your users’ apps. In addition to using MAM to manage app usage on your users’ devices, you can also implement a number of security features that can help secure corporate data on those devices. These features include Data Loss Prevention (DLP) policies and Windows Information Protection (WIP).

This skill covers how to:

Plan and Implement App Protection policies

You can use managed apps to enforce the following behaviors in your users’ apps:

  • Restrict Copy and Paste
  • Restrict Save As
  • Specify a managed browser for opening web links
  • Define app-level conditional access
  • Enable multi-identity use
  • Apply data loss prevention (DLP) policies to devices that are enrolled or not enrolled
  • Provide app protection both with and without device enrollment

The precise details of management options vary based on the type of device being managed. Table 4-5 identifies the key functions.

TABLE 4-5 Management options in Intune MAM

Management functionAndroidiOS/iPadOSmacOSWindows 10
Add and assign apps to devices and usersYesYesYesYes
Assign apps to devices not enrolled with IntuneYesYesNoNo
Use app configuration policies to control the startup behavior of appsNoYesNoNo
Use mobile app provisioning policies to renew expired appsNoYesNoNo
Protect company data in apps with app protection policiesYesYesNoNo
Remove only corporate data from an installed app (app selective wipe)YesYesNoYes
Monitor app assignmentsYesYesYesYes
Assign and track volume-purchased apps from an app storeNoNoNoYes
Mandatory install of apps on devices (required)YesYesYesYes
Optional installation on devices from the Company Portal (available installation)YesYesYesYes
Install shortcut to an app on the web (web link)YesYesYesYes
In-house (line-of-business) appsYesYesYesYes
Apps from a storeYesYesNoYes
Update appsYesYesNoYes

To implement app protection policies, open the Microsoft Endpoint Manager admin center and sign in as a global admin. Navigate to the Apps node, as displayed in Figure 4-39. Under Policy, select the App Protection Policies node.

Figure 4-39 The Apps node in the Microsoft Endpoint Manager admin center

Roy Egbokhan

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *