(Guide) Intune Mobile Application Management
Mobile Application Management (MAM) has become a necessity for managing the data on users' devices, ensuring security and compliance with industry standards. MS Intune is an extensive cloud-based platform that combines the functionalities of Mobile Application Management (MAM) and Mobile Device Management (MDM).
Intune Application Management allows the organization to secure its data on the employee's devices, whether personal or company-owned.
This article covers the details of Intune MAM and its processes.
- Part 1 : What is Intune Mobile Application Management?
- Part 2 : App Lists that can be Managed by Intune MAM
- Part 3 : How does App Management Work in Microsoft Intune?
- Part 4 : Intune Application Management Capabilities
- Part 5 : How to Manage Apps with Intune?
- Part 6 : How to Manage Apps for Unenrolled Devices in Intune?
- Part 7 : Reasons to Use Intune Mobile Application Management
What is Intune Mobile Application Management?
Intune MAM allows the management of data on the application and device level. This helps ensure security and compliance across the complete infrastructure. With Intune MAM, you can manage the devices by having the capabilities to configure, monitor, and update the mobile applications.
Following are some of the benefits of opting for Intune MAM:
- Control the data usage across all the applications, ensuring the security of sensitive data and avoiding leakages.
- Enforce the compliance policies by enabling access control rights.
- Manage various types of applications and platforms from a single point.
- Update the mobile applications to the latest versions in a matter of a few clicks.
- Restrict the usage of unwanted applications on mobile devices.
Intune MAM can work in sync with Intune MDM, such that the MAM can be used to manage and control all the devices enrolled via Intune MDM. To understand the difference, the MDM has a complete hold over the device usage and the protection of data used by the device. On the other hand, the MAM can control the usage of applications and enforce policies on the application level.
However, it is not mandatory to use Intune MDM and MAM together, as Intune MAM is capable of managing devices enrolled by third-party EMM providers as well.
App Lists that can be Managed by Intune MAM
This section covers the details of the applications that can be managed by Intune MAM. Before the applications list, let's look into the application categories that Intune allows the management of:
Application Type | Description |
---|---|
Store Applications | These include the applications owned by third-party platforms and present on their respective app stores, such as Android apps on the Google Play Store, Microsoft apps on the Microsoft App Store, and iOS apps on the Apple App Store. |
Line-of-Business Applications | These are the custom built-in applications of the organizations for any of the Intune-supported platforms (Windows, Android, macOS, iOS, and iPadOS). |
Built-in Applications | The applications are designed for a specific functionality that is to be managed via Intune. |
Web Applications | The applications that are already present on the web and you can utilize Intune to create a link to these apps and control the access rights. |
Specific MS Applications | Intune has a list of Microsoft applications that you can utilize for their specialized functionalities of Microsoft Mobile Application Management. |
The following table lists the Microsoft applications that can be managed using the Intune MAM:
Application | Support for Core Application Protection Policy Settings |
---|---|
Microsoft Azure (iOS) | Yes |
Microsoft Copilot (Android and iOS) | Yes |
Microsoft Edge (Android and iOS) | Yes |
Microsoft Excel (Android and iOS) | Yes |
Microsoft Launcher (Android) | Yes |
Microsoft Lens - PDF Scanner (Android and iOS) | No |
Microsoft Lists (Android and iOS) | Yes - iOS; No - Android |
Microsoft Loop (Android and iOS) | Yes |
Office (Microsoft 365) (Android and iOS) | Yes |
Microsoft OneDrive (Android and iOS) | Yes |
Microsoft OneNote (Android and iOS) | Yes |
Microsoft Outlook (Android and iOS) | Yes |
Microsoft Planner (Android and iOS) | Yes |
Microsoft PowerPoint (Android and iOS) | Yes |
Microsoft SharePoint (Android and iOS) | Yes |
Microsoft Teams (Android and iOS) | Yes |
Microsoft To-Do (Android and iOS) | Yes |
Microsoft Word (Android and iOS) | Yes |
Microsoft Viva Engage (Android and iOS) | Yes |
The above-mentioned applications support Core Intune App Protection and advanced App Protection and App Configuration policies. Intune MAM keeps two separate lists of applications: those that support the core Intune App Protection Policy settings, and those that support the core settings together with the advanced App Protection Policy and App Configuration Policy settings.
How does App Management Work in Microsoft Intune?
To manage applications via Microsoft Intune, the following points are to be kept in consideration:
● Decide the list of applications required by your organization and deploy them on the user devices. Note, MS Intune supports various types of applications ranging from Android to iOS and web to line-of-business applications.
● To save the users from the confusion of configurations, it's a best practice to configure the applications before deployment. With MS Intune, you can define the application configuration policies and the config file is deployed along with the application.
● Application protection is the key feature of MAM and with Intune MAM, you can create and deploy app protection policies to the user devices. Whether they are personally owned, company-owned, or devices managed by a third-party MDM - Intune allows you to easily configure them for the app protection policies.
● The applications on the user devices must stay in updated versions to ensure they abide by the latest policies. If the applications are deployed using Intune, they are updated automatically upon receiving any update.
By keeping these steps in sync, it's easier to ensure applications on the users' devices are abiding by the standard practices and that data is protected.
Intune Application Management Capabilities
This section covers the details of the capabilities of Intune Application Management. Overall, Microsoft Intune MAM is an extensive platform that caters to all the major requirements of managing devices in bulk. Some of its prominent features include:
Assign Apps to Devices and Users
With MS Intune, you can select the required applications from a wide range of supported ones. After the selection of applications, you can assign them to the enrolled devices. With Intune, you can also specify different groups of users and assign apps to their devices accordingly. You can assign apps to the various device types enrolled via Intune, including Android, iOS, iPadOS, macOS, and Windows 10/11.
App Configuration
MS Intune allows you to define the startup behavior of your application upon its deployment to the user's device. This configuration allows the application usage to abide by the compliance standards. MS Intune allows the usage of this feature for all the major operating systems, except for macOS.
App Protection Policies
To protect the organization's sensitive data in the applications, you can set up app protection policies. Once these policies are completed, they can be deployed on the devices accordingly. It restricts the usage of devices in ways that could potentially lead to the leakage or loss of data. You can create and deploy app protection policies for all the major operating systems, except for macOS.
Wipe App Data Selectively
The selective wipe is the ability to specifically erase the corporate data from the installed applications on the user devices. This feature allows you to save the organization from data misuse. Note, you cannot enable the selective wipe for macOS.
Monitor App Assignments
With MS Intune, you can monitor the status of application assignments from the dashboard. This helps keep track of the application status.
Force Install
Under certain situations, an organization must ensure the installation of a certain app on user devices. This can be problematic and cause delays if the installation is dependent on the user himself/herself. However, MS Intune allows you to force install the applications on the devices enrolled via Intune MDM.
Update Apps
To ensure that all the user devices are abiding by the latest policy configurations, it's important to keep the apps updated. MS Intune allows you to update apps across multiple devices from a centralized dashboard.
How to Manage Apps with Intune?
This section covers the steps of managing applications with Intune, which include:
Decide and deploy the applications required by your organization.
Intune has different methodologies for the deployment of apps on different platforms. For example:
- For Android, you can connect with the Play Store to download the applications or sync with the Managed Google Play account to access the Enterprise applications.
- For iOS, you can connect with the App Store to download the applications or sync with the Apple Business Manager/Apple School Manager to access the volume-licensed applications.
- For macOS, Intune already has the commonly used applications, or you can sync with the Apple Business Manager/Apple School Manager to access the volume-licensed applications.
- For Windows, you can connect with the Microsoft Store to download the applications or sync with the Microsoft Store via a business account to access the volume-licensed applications.
You can study further details about it at this link.
Once you have your applications deployed, you can create the conditional access policy. The steps include:
- Navigate to Intune Admin Center.
- In the Endpoint security section, click on Conditional access.
- Click on the + Create new policy.
- Set up the details of policy including Assignments, Target Resources, and such.
- Under the Grant section, enable the Require app protection policy option.
- Enable the policy and it's good to go.
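As an added example (not part of the original guide and not Microsoft's tooling), the following Python script audits Conditional Access policies exported in the Microsoft Graph JSON shape and reports where the "Require app protection policy" grant (`compliantApplication` in Graph) is not actually enforced on Android and iOS. The sample policies and their display names are constructed for illustration.

```python
MOBILE = {"android", "iOS"}  # platform values used in Conditional Access conditions

# Constructed sample export; the display names are made up for this example.
SAMPLE_POLICIES = [
    {"displayName": "Android app protection", "state": "enabled",
     "conditions": {"platforms": {"includePlatforms": ["android"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["compliantApplication"]}},
    {"displayName": "iOS pilot", "state": "enabledForReportingButNotEnforced",
     "conditions": {"platforms": {"includePlatforms": ["iOS"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["compliantApplication"]}},
    {"displayName": "MFA or app protection", "state": "enabled",
     "conditions": {"platforms": None},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantApplication"]}},
]

def enforces_app_protection(policy):
    """True only if access cannot be granted without an app protection policy."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if "compliantApplication" not in controls:
        return False
    # With operator OR, any other built-in control is an alternative way in.
    # (Only builtInControls are inspected; other grant types are out of scope here.)
    return grant.get("operator") == "AND" or controls == ["compliantApplication"]

def covered_platforms(policy):
    """Mobile platforms the policy applies to; no platform condition means all."""
    plat = (policy.get("conditions") or {}).get("platforms") or {}
    include = set(plat.get("includePlatforms") or [])
    exclude = set(plat.get("excludePlatforms") or [])
    base = set(MOBILE) if not include or "all" in include else include & MOBILE
    return base - exclude

def audit(policies):
    findings, enforced = [], set()
    for p in policies:
        name, grant = p.get("displayName", "<unnamed>"), p.get("grantControls") or {}
        if "compliantApplication" not in (grant.get("builtInControls") or []):
            continue  # policy is unrelated to app protection
        if p.get("state") != "enabled":
            findings.append(f"{name}: state is {p.get('state')}, so the requirement is not enforced")
        elif not enforces_app_protection(p):
            findings.append(f"{name}: OR grant lets another control satisfy access")
        else:
            enforced |= covered_platforms(p)
    findings += [f"no enforced app protection requirement for {m}" for m in sorted(MOBILE - enforced)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_POLICIES)) or "OK")
```

A policy left in report-only state only logs what it would have done, which is why the audit treats it as not enforced until its state is `enabled`.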
Similarly, you can create the app protection policies by following these steps:
- Navigate to Intune Admin Center.
- In the Apps section, click on App protection policies.
- Click on the + Create new policy.
- Follow the five steps including Basics, Apps, Data protection, Health Checks, and Assignments to complete the policy setup.
- After the review and creation of policy, it's all set to be applied.
How to Manage Apps for Unenrolled Devices in Intune?
Management of unenrolled devices uses configuration policies to configure the devices without enrolling them. This is usually chosen for personal devices or in scenarios where the BYOD approach is implemented. The Microsoft MAM for unenrolled devices is available for Android and iOS/iPadOS devices.
To manage apps for unenrolled devices in Intune, follow the same steps of adding and configuring applications in the Intune admin center as covered in the above section. Once the applications are added, create app protection policies for them.
The difference is the process of making applications accessible to the users. Since the user devices are not enrolled in the Intune MAM, you can allow the users to access apps via the following two methods:
- To access and download the application from the available list on the company portal website at manage.microsoft.com.
- To download the company portal application from the app store, which makes the required apps available after the authentication.
Reasons to Use Intune Mobile Application Management
Although the benefits of using Intune MAM have been covered throughout the article, the following are some of the prominent ones:
1) Allows the management of applications and protection of organization data on enrolled and unenrolled devices.
2) Comes with the support of an extensive list of applications under various app categories.
3) Configure and update the applications in a few clicks.
All in all, Microsoft Intune is an effective platform for managing the applications on user devices and protecting the organization's data used by those applications.
AirDroid Business - Recommended MAM Tool for Windows and Android Devices
Similar to Intune, AirDroid Business is a robust Mobile Application Management (MAM) product. With AirDroid Business, businesses can easily configure and update applications to protect sensitive data. It also supports mandatory installation and updates of applications, ensuring that all devices are always up to date and comply with enterprise security standards.
In addition, AirDroid Business offers remote control and monitoring capabilities, combined with powerful application management features to ensure the security and compliance of enterprise data. AirDroid Business supports the management of not only Windows devices but also Android devices, enabling unified management across different operating systems.
Notably, AirDroid Business provides both on-premises and cloud deployment options, allowing businesses to choose the most appropriate deployment method for their needs, whereas Intune is primarily a cloud-based solution.