One of my favorite things to talk about and demonstrate is Microsoft Intune mobile application management. Many companies want to protect their corporate data, while still giving employees flexibility and choices for what devices they use. Companies also want to avoid over-controlling a user's personal devices. Microsoft Intune mobile application management provides a solution that helps companies balance these needs.
On the May 25 EMS Partner call, we'll discuss Microsoft Intune mobile application management and best practices for delivering proofs of concept.
The value of Microsoft Intune mobile application management
Consider the scenario of an employee who has a PC at work and would like to use their personal tablet at home to access company data. This might mean using Microsoft Outlook to send and receive email, creating documents in Microsoft Word, or accessing files using OneDrive for Business. The company can set a policy that says this is an approved scenario when certain criteria are met. Criteria might include not allowing the user to save copies of the file to the local device or to copy data from Outlook into a personal mail account. However, the company does not want to force the user to enroll the device using a mobile device management solution under full company control.
Mobile application management is often shortened to MAM, and sometimes to MAM-WE (Without Enrollment).
If you are looking for this capability in the Microsoft Azure admin portal, search for Intune App Protection.
Administrator and user experiences with Microsoft Intune mobile application management
The video below does an excellent job of showing both the administrator and user experiences with Microsoft Intune mobile application management.
What’s new in mobile application management with Microsoft Intune
As explained in the video, administrators can create a policy in three steps:
- Policy settings: Choose the settings you want to enforce on the device
- Targeted apps: Select which apps this policy will apply to
- Assign users and groups: Select which Azure Active Directory groups this policy will apply to
Users simply sign in to the application with their corporate credentials. Once signed in, applicable policies are enforced.
Benefits of using app protection policies
They help protect your company data at the app level
Mobile application management doesn't require device management, so you can protect company data on both managed and unmanaged devices. The management is centered on a user's identity, removing the requirement for device management.
User productivity is not impacted, and the policies aren't applied, when the app is used in a personal context
Policies are applied only in a work context, giving you the ability to protect company data without touching personal data.
There are additional benefits to using mobile device management (MDM) with app protection policies. Companies can use mobile application management with and without mobile device management at the same time. An employee might use a company-issued phone as well as a personal tablet. The company-issued phone is enrolled in MDM and protected by app protection policies, while the personal device is protected by app protection policies only.
Mobile device management ensures that the device is protected
You can require a PIN to access the device, or you can deploy managed apps to the device. You can also deploy apps to devices through your MDM solution to give you more control over app management.
App protection policies make sure that the app-layer protections are in place
You can have a policy that requires a PIN to open an app in a work context, prevents data from being shared between apps, and prevents company app data from being saved to a personal storage location.
The partner opportunity with Microsoft Intune mobile application management
Microsoft Intune mobile application management can help you secure your customers' data. It can also help you show the value of Enterprise Mobility + Security as an integrated solution:
- It's easy to set up and deploy for Office 365 customers
- It works with MDM-enrolled devices, offering an additional layer of security specific to protecting company data
- It works with both Microsoft Intune and most third-party MDM solutions
- It's easy to demonstrate to customers how easily data from a document can be copied to a personal device - and then show how easily that could have been prevented
- It's connected and integrated with Azure Active Directory, showing customers the real value of EMS
- Setup time is minimal, making it easy to use Microsoft Intune mobile application management in a proof of concept
Proofs of concept
I’m often asked for guidance about delivering a proof of concept on Microsoft Intune. The video below provides tips for conducting a successful proof of concept.