First published on CLOUDBLOGS on May 20, 2015
When using
Microsoft Intune
integrated with the newly released
service packs for System Center 2012 and R2 Configuration Manager
, hybrid customers can now leverage the Mobile Application Management (MAM) capabilities of Intune and deploy application management policies to
MAM managed apps
. These policies allow you to ensure company compliance and security policies are met. For example, you can restrict actions such as cut, copy and paste within a MAM managed app, or configure a MAM managed app to open all web links inside the Intune Managed Browser app (as this app is a MAM managed app).
App management policies support:
-
Devices that run Android 4 and later.
-
Devices that run iOS 7 and later.
When using System Center Configuration Manager (ConfigMgr) integrated with Intune, you can associate the app management policy with the ConfigMgr application’s deployment type (DT) that you want to restrict. When the application is deployed and the application’s DT is installed on devices, the settings you specify will take effect.
To apply policy to an app, the app must incorporate the Microsoft Intune App Software Development Kit (SDK). There are two methods of obtaining this type of app:
-
Use a policy managed app
(Android and iOS): Apps that have the Intune App SDK built-in. To add this type of app, you specify a link to the app from an app store such as iTunes or Google Play. No further processing is required for this type of app. See the list of
Available policy managed apps
on TechNet.
-
Use a ‘wrapped’ app
(iOS only): Apps that are repackaged using the
Microsoft Intune App Wrapping Tool for iOS
. This tool is typically used to process existing line-of-business apps. It cannot be used to process apps that were downloaded from a mobile device’s public store. See the TechNet article on
Preparing apps for mobile application management with the Microsoft Intune App Wrapping Tool f...
. The Intune App Wrapping Tool for Android is coming soon.
Step 1: Create an app management policy
To define an app management policy, navigate to
Software Library -> Overview -> Application Management -> Application Management Policies
. Click
Create Application Management Policy
from the ribbon.
In the
Create Application Management Policy Wizard
enter a name and description for the policy in the
General
page.
In the
Policy Type
page, choose the platform and policy type for this policy. There are currently two policy types available:
-
The
General
policy type lets you modify the behavior of apps that you deploy to ensure company compliance and security requirements are met. For example, you can restrict actions such as cut, copy and paste within a corporate managed app.
-
The
Managed Browser
policy type lets you modify the functionality of the Intune Managed Browser app. This app allows you to manage web browsing experience for users. This includes the sites they can visit and how links to content within the browser are opened. For more information on the Intune Managed Browser app, see
here
for iOS and
here
for Android.
Next you can configure the individual settings that are applicable to the platform and policy type selected. For more information on these settings, see
here
for the
General
policy type and
here
for the
Managed Browser
policy type.
After the wizard is complete, click
Close
to save the policy. You do not deploy the policy directly. Instead, you associate the policy with the ConfigMgr application’s deployment type (DT). The next section will walk you through how to do this.
Step 2: Associate the app management policy with a deployment type
When a ConfigMgr application is deployed, ConfigMgr will recognize that an application management policy must be linked to this deployment type (DT) based on that DT’s type.
If the application is not yet deployed, then this association can be made in the
Deploy Software Wizard
, on the
Application Management
page. ConfigMgr will recognize all deployment types that are associated with the application being deployed, and prompt you to associate an app management policy at this time. (In the case of the Managed Browser, you will be required to associate both a General and Managed Browser policy.)
If the software is already deployed, then the deployment of that application’s DT will fail until this association is made. For existing applications, the association can be made in the
Properties
page of the application deployment, under the
Application Management
tab.
Step 3: Monitor app management policies
Under
Monitoring -> Overview -> Deployments
, you can view the status of the app management policies for a particular deployment by selecting
App Management
in the details pane of that deployment, under
Related Objects
.
Monitoring a particular deployment with an app management policy is the same as monitoring any other deployment under
Monitoring -> Overview -> Deployments
. Remember that application deployments will fail if an app management policy has not been associated with Deployment Type that requires it (see step 2 to remedy this).
Related resources:
I hope that you’ve found this blog post useful. Please bookmark this blog and
Intune blog
as we plan to post new content regularly!
- Joey Glocke, Program Manager
This posting is provided "AS IS" with no warranties and confers no rights.