Getting started with Mobile Application Management for Windows

This week is all about Mobile Application Management (MAM) for Windows. A long awaited feature that will be a big help with addressing unmanaged Windows devices. MAM for Windows enables organizations to manage the app in a similar way as already possible on mobile platforms. So, making sure that there is a separation between personal and work data, and making sure that the chances of accidental data leakages getting slimmer. In some areas, especially when looking at browser access, it might feel similar to what could already be achieved by using app enforced restrictions in Conditional Access, or by using Microsoft Defender for Cloud Apps in combination with Conditional Access. Big difference, however, is that MAM for Windows also includes the ability to use app …

Read more

Getting started with Microsoft Tunnel for Mobile Application Management for Android

This week is a follow-up on the post of last week. While last week the focus was on iOS/iPadOS devices, this week the focus is on Android devices. Some parts might overlap with that post of last week, but those parts are definitely needed for the completeness of the story and the configuration. So, in general, the focus is still on Microsoft Tunnel for Mobile Application Management (Tunnel for MAM). As mentioned last week, Tunnel for MAM is one of the features that was released at the beginning of March as part of the Intune Suite add-ons. Tunnel for MAM itself, is available as part of the new Microsoft Intune Plan 2 license. The great thing about Tunnel for MAM is that it makes it …

Read more

Getting started with Microsoft Tunnel for Mobile Application Management for iOS/iPadOS

This week is all about one of the new Intune Suite add-on capabilities. The capability of focus is Microsoft Tunnel for Mobile Application Management (Tunnel for MAM) for iOS/iPadOS devices. The Intune Suite add-ons were released at the beginning of March, including a new licensing model, and including Tunnel for MAM. That capability on itself, is available as part of the new Microsoft Intune Plan 2 license. Tunnel for MAM makes it possible to provide access to on-premises resources, on unmanaged devices. Often unmanaged devices are equal to personal-owned devices. So, that provides IT with the flexibility to make that app, with on-premises interaction, available on personal-owned devices. Without requiring the user to enroll that specific device, but still enforcing secure access and guaranteeing full …

Read more

Block app access for unapproved device manufacturers or device models

This week is all about app protection. More specifically, this week is all about the just introduced capability to block app access for Android devices with unapproved device manufactures , or for iOS devices with unapproved device models. That capability actually has two separate actions to choose from, 1) block app access and 2) selective wipe of corporate data within the app. This capability will help with preventing access from untrusted devices to corporate data. Really useful, as we all can think of some low-end devices (loaded with malware, almost for free) that should not be used for accessing corporate data. In this post I’ll show the available configuration options, followed by the end-user experience. Configuration Now let’s start by having a look at the …

Read more

App protection policies and device management state

This week is all about creating some additional awareness for the capability of assigning app protection policies and differentiating between the management state of the devices of the user. Since recently it’s possible to assign app protection policies to either Intune managed devices or unmanaged devices. This can help with differentiating between Intune managed devices and unmanaged (MAM only) devices. For example, have more strict data loss prevention configurations for MAM only devices compared to MDM managed devices. In this post I’ll show the available configuration followed by results from an administrator perspective. Configuration Let’s start by having a look at the available configuration options. I’ll do that by walking through the steps for creating and configuring an app protection policy. These steps are shown …

Read more