At the end of last year Microsoft introduced the very nice feature of mobile application management without the requirement of device enrollment. What makes it even better is that it can also be used in combination with third-party mobile device management and it can be used in combination with Microsoft Intune mobile device management. In this blog post I’ll go through the configuration options, I’ll go through the configuration steps and I’ll go through the end-user experience.
Configuration in the Azure portal
Now let’s start with the configuration of this type mobile application management policies. The first difference, with the normal mobile application management policies, is that the configuration is done through the Azure portal. The rest of the configuration experience is also completely different. However, the configuration options are pretty similar.
Different configuration options
The mobile application management policies in the Azure portal, contain four different configuration parts. These four parts together are the targeted mobile application management policy. Let’s go through these four parts and see how they fit together.
Important: Only users that are member of the selected group AND have a Microsoft Intune license assigned, are affected by the mobile application management policy.
After getting familiar with the different configuration options, it’s time to look at the creation and the deployment of a mobile application management policy. The following twelve straight forward steps will guide anyone through the configuration and deployment.
|In the Azure portal navigate to Intune mobile application management > Settings to open the Settings blade;
|In the Settings blade, click App policy to open the App policy blade;
|In the App policy blade, click Add a policy to open the Add a policy blade;
|In the Add a policy blade, provide a Name for the policy, select the Platform and click Apps to open the Apps blade.
|In the Apps blade, select at least one app and click Select to return to the Add a policy blade;
|Back in the Add a policy blade, click Settings to open the Settings blade;
|In the Settings blade, configure the Data relocation settings and the Access settings and click OK to return to the Add a policy blade;
|Back in the Add a policy blade, click Create to create the policy and to return to the App policy blade;
|Back in the App policy blade, click the <NewPolicy> to open the <NewPolicy> blade;
|In the <NewPolicy> blade, click User groups to open the User groups blade;
|In the User groups blade, click Add user group to open the Add user group blade;
|In the Add user group blade, select an user group and click Select to save the changes and to return to the User groups blade.
Now it’s time to have a look at the end-user experience. When an end-user is targeted with a mobile application management policy and wants to use one of the configured apps, the end-user will get the messages below after providing company credentials. The first message will show after the initial configuration and the second message will show after removing the configuration again.
For more information about mobile application management, the supported apps and even more, please refer to:
- Configure data loss prevention app policies with Microsoft Intune: https://technet.microsoft.com/en-us/library/mt627825.aspx
- Create and deploy mobile app management policies with Microsoft Intune: https://technet.microsoft.com/en-us/library/mt627829.aspx
- Microsoft apps you can use with Microsoft Intune mobile application management policies: https://technet.microsoft.com/en-us/library/dn708489.aspx
- Microsoft Intune application partners: https://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/partners.aspx
- Microsoft Intune – Mobile Application Management (MAM) standalone: https://blogs.technet.microsoft.com/cbernier/2016/01/05/microsoft-intune-mobile-application-management-mam-standalone/