Event banner
Event details
28 Comments
- I had an issue enforcing end users from personal devices to use Microsoft Edge from other browsers. The speaker showed us that, but it did not work for me. How to do that, please.
Quick question - is the "MAM user scope" setting (None/Some/All) in Intune/Entra still relevant for this new capability? I didn't see it configured in the presentation or mentioned in the docs. I know this was used for WIP without enrollment but since that's been deprecated I'm curious if it still has a purpose.
Edit - I just noticed this setting changed to "WIP user scope" with a message that WIP-ME (sic) is no longer supported. I guess that means it's not related to this new Windows MAM capability.
- Daniel_Emerson
Microsoft
Correct, the "WIP user scope" only applies to the WIP feature not Windows MAM. As noted, we updated the Admin UX to clarify the applicability based on customer feedback, including your comment. Thank you.
- Harsha_DalaliIt's good to see that we block copy to clipboard, download and print the file. Is there any feature on the roadmap to block using "Snipping tool" on these managed resources?
- Joe_Lurie
Harsha_Dalali Thanks for the feedback on Snipping Tool. As @DEmersonMSFT says here, Microsoft Edge is the first app to integrate MAM features, but it likely won't be the only one. We can't comment on roadmap items here but note that we are working with other app teams to integrate with MAM.
- Harsha_DalaliThanks for the response Joe_Lurie
- I think more time could have been used out of the 30 minutes allotted. Why just go bang-bang-bang within 15 minutes? Please have presenters take a breath and slow down.
- Great session with comprehensive demos. Good work! Thank you! This session demonstrated Microsoft Edge as the only app capable of supporting the new features. When will other Microsoft apps add support?
- Joe_Lurie
Jay Michaud Thanks for the question. As Daniel_Emerson says here, Microsoft Edge is the first app to integrate MAM features, but it likely won't be the only one. We can't comment on roadmap items here, but note that we are working with other app teams to integrate with MAM.
- Great information, please where can we find the links?
- Yes, could you provide the links from the last slide here in the comments, or update the video description to include them? Thanks!
- I found this: https://learn.microsoft.com/en-us/mem/intune/apps/protect-mam-windows and this: https://learn.microsoft.com/en-us/entra/identity/conditional-access/how-to-app-protection-policy-windows
Thanks for joining us! We hope you enjoyed this session. If you missed the live broadcast, don’t worry – you can watch it on demand. And we’ll continue to answer questions here in the chat through the end of the week. There's more great content in store at the Microsoft Technical Takeoff! What do you like about the event so far? Share your feedback and help shape the direction of future events on the Tech Community!
Todd SterrettDefender for Endpoint has a warn / block vulnerable applications feature. Is any tie-in between that and what we are seeing planned?- Daniel_EmersonThe current Windows MAM integration is with Windows Security Center, which can integrate with the Windows Defender client available on all Windows 10/11 devices. At this time, we do not have any direct integration with Microsoft Defender for Endpoint. Let us know if you have scenarios for using MDE and Windows MAM.
The demo is to simple in my opinion for the CA part. Only applying this to Browser apps, also need an additional action what to do with other apps (block in my opinion).
Also if you wish to only target non-compliant devices a load more configuration is nescesary in my opinion.
It seems so simple in the demo but it is a lot more complex.
- Daniel_EmersonThe demo was focused on the specific controls needed to enable App Protection CA for Windows (for more information see https://learn.microsoft.com/en-us/entra/identity/conditional-access/how-to-app-protection-policy-windows). There are much richer scenarios you can enable via Conditional Access; many customers may benefit from pairing the App CA with Device CA controls to ensure the user is accessing the CA protected resource from either a managed application or a managed device.
- How to enforce users' personal devices to use Edge ONLY, not other browsers to login to Orginasision O365 Apps?
- Daniel_EmersonYou can use App Protection Conditional Access, via Entra ID, to ensure your users can only access O365 resources via Intune MAM protected Microsoft Edge.
Conditional Access will do this for you if you. By targeting browser access to resources and forcing the Grant to be set to Require App Protection Policy. You won't be able to login to the targeted apps on another browser.
