Get your Mam to protect Skype for Business
Looking at the public data that’s available, we can see a shift between Vmware AirWatch to Microsoft Enterprise Mobility Suite for new customers. This is because Microsoft has some features that you won’t find with other Mobile Device Management solutions....
Skype for Business is a huge business tool for both inside Microsoft and for thousands of our customers in the UK. Customers that we speak to want to ensure its users are empower and to leverage different devices however they're concerned about the security of these devices. Recently I’ve been speaking with number of police forces wanting to provide Enterprise Voice via Skype for Business to its officers, however see the freedom of allowing anyone to use any device, even personal ones, being a major blocker!
During the recent update to Skype for Business client we've started to incorporate security and protection as part of the Enterprise Mobility Suite, similar to Outlook, OneDrive, OneNote etc; Features such as: Conditional Access and Data Loss Protection.
This solution is designed to only allow applications that are managed and compliant with company policy to be able to connect. You now have the option to use a non-managed device, but automatically enrol the app (detected from the corporate logon credentials) so that both the app and the data is protected.
Devices that are already enrolled will be presented with a PIN to logon into the Skype for Business app (separate to the PIN logon to the device, providing an extra/separate layer). Because the Mobile Application Management (MAM) is configured by groups or user, it means that the protection will now follow them and not the device.
It means that data that resides within the Skype for Business app can’t be copied/pasted into a normal consumer app such as Hotmail. Let’s have a look at just some of the policy settings we can configure: /en-gb/intune/deploy-use/protect-app-data-using-mobile-app-management-policies-with-microsoft-intune 
Encrypt your company data: You'll notice that in the polices there's an option to encrypt the data within the application:
Alright then, We've setup the polices and added our users. What does it look like to them?
When you use the device and open an application that is controlled by the MAM, the user will be automatically promoted that it's a corporately controlled app and to set a logon PIN. All this without IT or the user to secure the device manually. 
See MAM in action with Dilip Radhakrishnan and Simon May : https://www.youtube.com/watch?v=XBMJZnUMpx8
Next Steps:
Try Mobile Application Management today at: https://Aka.ms/tryEms
More information
For more information about mobile application management, the supported apps and even more, please refer to:
- Microsoft apps you can use with Microsoft Intune mobile application management policies: https://technet.microsoft.com/en-us/library/dn708489.aspx
- Microsoft Intune application partners: https://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/partners.aspx
- Microsoft Intune – Mobile Application Management (MAM) standalone: https://blogs.technet.microsoft.com/cbernier/2016/01/05/microsoft-intune-mobile-application-management-mam-standalone
- Configure data loss prevention app policies with Microsoft Intune: https://technet.microsoft.com/en-us/library/mt627825.aspx
- Create and deploy mobile app management policies with Microsoft Intune: https://technet.microsoft.com/en-us/library/mt627829.aspx