Mobile Application Management with Microsoft Intune

So, what is MAM?  You may have heard the term if you’ve had any talks about a mobility strategy for your organization.  Mobile Application Management (MAM) is all about securing the Mobile Apps on your Corporate or BYOD devices.

The mobile ecosystem grows larger an more important every day.  iOS and Android are the top leaders in the O/S space for mobile devices, but these Operating systems can often be very diverse in their versions and features if your organization is not strict with the purchasing and management of them.  Privacy laws in different countries can further muddy the waters with the best way to manage mobility in your organization.

What do you want to manage and secure on mobile devices?

At a recent client, the high level answer to this question was fairly simple.  We want to make sure our corporate data that is stored in Office 365 is secure on mobile devices.  This is the perfect scenario to implement MAM.  MAM allows you to deploy security polices to the App itself, instead of MDM, which applies to an entire device.  For instance, let’s say you want to allow BYOD devices in your organization.  Due to privacy concerns, being allowed to fully control someones personal device may not be feasible, or even wanted in your company.  However with MAM, you could deploy a policy to manage only the Outlook App on a user’s device, encrypt the email stored on that device, and be able to wipe only the Outlook email and account from that device.  MAM really only concerns itself with the App and the Data!

What types of Apps can Intune Protect?

Natively, you can deploy MAM policies for all of the major Microsoft mobile application (Outlook, Office, Skype for Business, etc.).  Microsoft also provides an SDK to allow App developers to build in Intune support into their App.  Some major organizations (Salesforce, SAP), provide this functionality in their mobile Apps as well.

What kinds of security policies can I deploy to these Apps?

I won;t go into every single setting you can configure, but the MAM policies allow you to require passwords and Pins to open the App, encryption of any data stored on the device, the ability to restrict what data can enter or leave the App, and even the minimum version of an Operating system a user must have on their device before they are allowed to connect to the data.

How can my organization try out Intune?

Intune is a part of the Enterprise Mobility and Security license, which is an Add-on to Office 365, more licensing details can be found here:

If you’re interested in learning more about Intune and Mobile Management strategies, please feel free to reach out to me at


Leave a Reply