Mobile Application Management (MAM) in Action
By Garth Jones
Mobile Application Management (MAM) is great because it allows ConfigMgr admins to manage applications (such as Outlook), and NOT devices. The best part is that the Intune client is NOT needed on each device.
Why is managing applications and not devices important? Three reasons:
Instead of each employee having two smart phones (one for business and one for personal use) MAM allows employees to only need one smartphone. This is important as more and more staff are bringing their personal smartphones to work and are connecting to their organization’s email system and Wi-Fi.
Managing applications means that organizations do NOT get to invade the privacy of staff by managing their personal smartphones. Employees will be happy to know that their company will not prevent them from playing games such as Angry Birds during their time off.
Most importantly to organizations, MAM will help prevent data leakage.
PC Magazine defines data leakage as, “The unauthorized transfer of classified information from a computer or datacenter to the outside world.”
How does MAM prevent data leakage? It sets policies on applications. Some of the more common policies are:
· Require a PIN to launch the application.
· Prevent copying and pasting of information between different applications that are not MAM enabled.
· Prevent MAM applications from working on jailbroken (iPhone) and rooted (Android) devices.
· Ensure that data is encrypted.
In my video I’ll use the Azure portal to demonstrate how to set the following MAM policies:
-Requiring a PIN to launch an application.
-Preventing MAM applications from working on a jailbroken or rooted device.
In order to test these new policies I’ll use a rooted Hyper-V Android device that doesn’t have the Intune agent installed. I’ll show you how it is prevented from accessing email, but after I disable the policy I can access Outlook with a PIN.
I hope that you will see how MAM empowers both staff and organizations as it makes it more convenient for employees to bring their own devices to work and it helps prevent company data leakage!