MAM Without Enrollment
Microsoft has implemented a MAM (Mobile Application Management) solution in Intune. However, this solution requires enroll the device in the MDM (Mobile Device Management). For people not wishing to add their equipment in a type MDM platform, it is possible to proceed with the creation of rules MAM without enrollment.
How to implement the rules ?
As a first step, it is necessary to access the Azure portal with the URL azure.microsoft.com. After to be authenticated, the Azure Portal appears.
In the portal, click in other Services button and on search bar enter Intune. Click application Intune Protection.
A new window appears, click on enforcement strategy in settings.
Click Add a strategy then enter the name you want and select the platform.
Click Select the required applications and select the desired applications. Click select pour validate your choice.
It is now necessary to configure settings that will apply to the strategy. To do this, click Configure the required parameters.
It is possible to apply several types of parameters:
- Prohibit the Itunes backup and Icloud
- Prohibit save as
- Restrict operations cut / copy / paste
- Force the use of the Managed Browser
- Ask for the encryption of the application
- Disable the synchronization of contacts
- Disable printing
- Require a PIN
- Require the company to access credentials
- Block applications from running if rooted or jailbroken device
I have configured this parameter, a PIN is requested however the fingerprint cannot be used for access to the resource.
CLick OK to validate the rules and Create. After the rule is created, It is necessary to assign the rules to a user group. Click on the rule in order to access its properties, and then click user groups. Finally click Add user group.
Select the desired group, and then click Select.
The Rules is now deployed. You can install application on the device.
It’s now necessary to add new account in Microsoft Outlook. When I try to launch application, the rules are applied.