Forum Discussion
Intune MAM: Is it possible to have separate MAM policies on Office Apps for non-enrolled users?
We use Intune, with MDM policy currently to managed the Office Mobile Apps, and users who attempt to use these Office apps with their corporate Office 365 work account are forced to enroll in Intune and be subject to security policy including a device PIN.
We are interested in allowing those users who do not wish to enroll in Intune, to use Office Mobile Apps, and ideally would like to configure MAM policies for these users who are not enrolled in any mobile device management solution. It is understood that Intune MAM policies can be used independent of any mobile-device management (MDM) solution as detailed in this article:https://docs.microsoft.com/en-us/intune/deploy-use/protect-app-data-using-mobile-app-management-policies-with-microsoft-intune%20
In testing, if we set up MAM policies for the Office Apps in the Azure portal, these also seem to apply to our MDM enrolled users.
Ideally we’d like MDM enrolled users to have separate policy (e.g. not require a PIN on the app in addition to their device PIN).
2 Replies
The MAM SDK does not currently support identifying an MDM enolled device. That said, with the MDM service moving to Azure and bringing togethr the mgmt plane for both MAM and MDM, this would be a really good enhancement that the team could explore. I know we would also like to see this happen.
Hi
The MAM policy in Azure Portal is per user - and will there for effect all users.
At my knowled this is worked as designed.
Kind regards
Per Larsen
Microsoft MVP - Enterprise Mobility
Twitter: @PerLarsen1975 | Blog: osddeployment.dk
