Why Intune option is visible in Azure portal (https://portal.azure.com/)? This is good news for SCCM/Intune admins. We are getting new features in Intune. This time it’s Intune MAM (Mobile Application Management) without MDM enrollment. For full management of mobile devices, we need to use the original Intune portal (https://manage.microsoft.com). In this post, we will see Coexistence of Air Watch and Intune MAM and What is MAM without MDM.
It was a regular question in forums and others communities that can Intune coexist with other MDM products like Airwatch or Mobile Iron. Now the answer is Yes, in some ways. But don’t take me wrong you can’t enroll a device into two MDM products at the same time, however, you can use Intune MAM policies for office applications on other MDM (Airwatch or Mobile Iron etc..) managed devices. More details about this topic available in a TechNet blog post here.
Once you click on Intune from Azure portal, Intune Mobile Application Management (MAM) page will open up with 3 options as you can see the below screen capture. App Configuration – App policy, Remote Requests – Wipe requests and Resource Management – Users.
You can create new Intune MAM policies from the Azure portal – Intune session. Click on App Policy and then click on add new app policy to create Intune MAM policy. At the moment we have options only to create iOS and Android Intune related MAM policies. Windows option is missing from this. Also, we have very limited options with application selection – Onedrive, Excel, Powerpoint and Word. In the following scenario, I selected only Excel app for Intune MAM policy.
Once we selected the app which we want to apply Intune MAM policies without MDM enrollment, then you can configure the aka policies as you can see in the following screen capture. The MAM policy options are same to the one we have in Intune portal. This will help to protect the corp data by preventing save as options, copy paste between managed and un-managed applications.Once Intune MAM policy is created then you can deploy that policies to a group of users. This can be done directly from Azure portal Intune page as I shown in the following screen capture. Right click on the Intune MAM policy which you want to deploy and select Target User Groups.
Now we need to add a user group which we want to deploy this Intune MAM policy. Click on add user group button as I shown in the following screen capture. Search for the user group and click on select option to deploy MAM policy to those users.Once we finished deploying Intune MAM policy and we want to change some settings of the deployment or configuration or User group then you can do it as shown in the following screen capture.
I logged into iPad Mini (iOS 9.1) and launched one drive application to test whether MAM policies are getting applied for One Drive app or not. Intune MAM policies got applied to One drive application and it had given access to my corp files as you can see in the following screen capture. However, it didn’t work well for Word and Excel applications. I’m not sure why it’s not happening. Will check more and update here.