Mobile Application Management with Intune

2017-07-27T00:00:55+00:00 | June 2nd, 2017 | blog, Intune, Mobility

Mobile Application Management (MAM) is not a new feature. However, Microsoft is always improving on the MAM capabilities, and today Intune supports multiple operating systems on mobile devices. This is not an easy feat, since Microsoft is bound by the APIs that other platforms, such as iOS and Android, offer. These non-Microsoft operating systems are the most prevalent on mobile devices today, and because those devices now have greater access to corporate data, they pose a threat to data protection and a risk of leakage.


We’ve all used application policies from Microsoft’s wide range of applications that have been around for many years. For example:

  • GPOs control where icons are, where data is saved, what drives are mapped, etc.
  • Configuration Manager is used to push software out to authorized users and remove applications from those who are not authorized
  • Active Directory provides a way to secure data on the network with Groups and Users

…And while Microsoft released Intune quite a few years back, I’ve only recently become a real fan since I’ve started using Mobile Application Management without enrollment.  Let’s take a quick look at how MAM allows you to offer access to corporate data without compromising too much of that flexibility that users enjoy by choosing their own device platform and bringing their own devices to work.


There’s nothing new about the concept of “Bring your own device” (BYOD); it’s been around for quite some time. Users can bring their own devices and use them for daily business whenever a cell phone is needed. Traditionally, users would log on to a segmented Wi-Fi network that has no access to the corporate network. This allowed IT admins to avoid having to manage additional network access to the company resources and provide an open network for these devices as well as for guests visiting their offices. However, with many companies moving data and apps to “the Cloud”, the focus is no longer on segmenting networks and is instead on protecting the data.

Traditional office apps like Word, Excel, and PowerPoint have been available on mobile devices for quite some time now too, but they commonly required sending the documents to your phone and then opening them. With Office 365, SharePoint Online, and OneDrive, these apps now have access to a massive amount of your corporate data. Without protection for this data when it is accessed on a mobile device, a user could download sensitive company information to their mobile device, where it would sit unencrypted and unprotected from prying eyes. This is where I think Mobile Application Management really starts to come into play.

A Real-World Example

Intune’s Mobile Application Management provides the capabilities to protect your sensitive information on the device, wherever that device is, whether it is in a hotel half-way across the world, left behind in a taxi cab, or picked from the pocket of your CEO. The device may be compromised but the data is secure. This is due to the way application management protects the data on the device. Let me provide you with an example:

Bob is the CEO of an organization that provides financial information to customers across the financial markets. The details of the finances can make or break a company’s stock profile if they were to be leaked. Bob uses an iPhone to read emails and open documents while traveling on the subway in New York City. During a busy morning, he’s shuffling to make it to his next appointment and accidentally drops his phone while exiting the train.

Because of a rich set of policies that Bob’s admin has configured with MAM, the data Bob accesses is not allowed to be stored on the device, and after 5 unsuccessful attempts to unlock the phone, the corporate apps and data would be wiped. Even if whoever finds the phone were to guess its PIN, they would still have to guess Bob’s credentials, which are required to open any of the company apps that Bob uses. It’s important to understand that:

  • The data is not on the device
  • There’s a high probability that someone would automatically wipe the device by guessing the PIN wrong 5 times
  • By the time Bob realizes he’s lost his phone, a quick call to his IT Department prompts the admin to send a remote wipe request to his device AND receive a confirmation of success

That was just one example and there are many more features that MAM can enable to protect your data.

Bringing MAM Home

Mobile Application Management is easy to enable and deploy to your users. With proper communication and process, your company data will be secured. Don’t wait for one of your end-users to accidentally leak sensitive information that could make or break your organization’s reputation. Identify those who are using mobile devices and protect them sooner rather than later.