When I explain Microsoft Intune to friends and family, I say it allows companies to set rules—like requiring a password to be more complex than “1111”—to keep computers and phones more secure. When I talk with organizations, I assume they have a more complete understanding of the service, but I still hear many comments such as “Intune is great, but my employees don't want to give up control of their personal devices.” When I respond that Intune can still empower their teams to work remotely and help keep data safer even without enrollment, their faces often light up with excitement. So, this month, I'm highlighting new features related to application protection policies.
Application protection policies help protect data in more places
Application protection policies allow IT administrators to grant access to company data through specific applications, even on personal devices, across iOS, Android, and Windows. When a user signs in to a managed app, they're allowed to work with the files they need but can be restricted from copying and pasting to other apps, taking screenshots, or sending files saved to their device via unauthorized applications. Users can also be confident that their employer isn't able to see any of their personal data or access their device at all.
Expanded partner application ecosystem
To meet demand for this capability, we've published the Mobile Application Management Software Development Kit (MAM SDK), which lets independent software vendors (ISVs) configure their applications to take advantage of the capabilities the SDK enables. The list of ISVs has doubled since 2022, and this month our list of supported applications has grown to a total of 126 apps across iOS and Android. Of these apps, 4 cover Android only, 39 have an exclusive focus on iOS, and 83 offer support on both platforms. Below is a list of the most recent applications included in the build; an asterisk identifies those added this month:
- 4CEE Connect
- Applications Manager - Intune
- Datasite for Intune*
- DealCloud
- FacilyLife
- FileOrbis for Intune
- Intapp 2.0
- Lemur Pro for Intune
- Mijn InPlanning*
- Mobile Helix Link for Intune
- Nitro PDF Pro*
- Outreach Mobile
- PagerDuty for Intune
- SMART TeamWorks*
For the complete list of apps, visit Supported Microsoft Intune apps.
Simpler Samsung Knox application protection policies
Hardware-backed device attestation helps prevent device tampering and “replay” attacks, and Intune integrates with the Samsung Knox security and management platform to manage those capabilities on supported Samsung devices. With this new release we've simplified the process of enabling Knox attestation. When creating an application protection policy, Samsung Knox attestation will be enabled by default on supported devices, provided the device has been updated to the latest operating system. IT pros will no longer need to create a policy specifically targeting Samsung devices with an assignment filter, nor will they need to create or maintain a separate policy for non-Samsung Android devices. Existing policies can be edited to enable this attestation.
Require Intune Enterprise Application Management apps during enrollment
To help prevent potential security gaps, IT pros need to be able to keep users from accessing their device until specific apps or configurations have been set up. This is called blocking, and while it's not strictly related to Intune application protection policies, it is another valuable, though less well-known, addition to Intune. When configuring Windows Autopilot, IT pros with licenses for Intune Enterprise Application Management can now select apps from their catalog as “blocking apps.” This denies users access to the desktop until these applications have been installed. Blocking apps can be configured in Windows Autopilot device preparation policies as well as in the standard Windows Autopilot enrollment status page configuration.
How do app protection policies fit into how you secure your company data or your approach to Zero Trust? Which apps do you want to see added in the future? Leave us a comment below.