In late June I was approached to record some short technical overview videos on Microsoft 365 Business, and now that they are recorded and published, it’s time to review them, and provide some additional resources and any important updates since the content was created. This is the sixth video in the series, and the focus is on Intune's iOS and Android management capabilities.
With the initial release of Microsoft 365 Business, one of the benefits it provided for iOS and Android were some easy to deploy Mobile Application Management (MAM) policies for iOS and Android. You could configure these directly from the Microsoft 365 Business Admin Center, and they provided a subset of the available apps and MAM policies that Intune supported. The exposed policies and supported mobile apps aligned with some of the goals of Microsoft 365 Business, and they did a good job of simplifying the experience.
MAM policies on iOS and Android are a great way of controlling what can happen with company data within an application, but in most conversations I have about Intune, I generally encourage them to use this approach with Bring Your Own Device (BYOD) type scenarios. This way the organisation controls its data, but the user owns the device. The IT department can't reset or wipe the phone, only the data related to the user's work profile. For an individual bringing their own phone or tablet to work, this is a great solution.
However, if it's a device the company has provided, they may want to control at the device level with MDM and not just MAM. While the full Intune functionality was available in the Azure Portal, that component wasn't licensed for usage. The good news is that with the April 2018 release, the licensing was updated, and full Intune capabilities are now included. While you won't see any changes for iOS and Android policies in the Admin Center at this point in time, if you are comfortable with Intune then it's simply a matter of using Intune in Azure as per usual.
What this now means is that it's really up to you to decide what approach to take. If you think MAM policies are enough for you, start with the native M365B capabilities, and then take a look in Intune to see what is happening under the covers, just in case there are some changes that you want to make. I don't recommend making changes in Intune to the Admin Center policies you create, instead create a policy that duplicates the settings you want, and add the customisations that make sense.
You can check out the other posts in this series below