Device limits with MAM / APP

%3CLINGO-SUB%20id%3D%22lingo-sub-883181%22%20slang%3D%22en-US%22%3EDevice%20limits%20with%20MAM%20%2F%20APP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-883181%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20way%20to%20limit%20the%20number%20of%20devices%20a%20user%20signs%20into%20apps%20protected%20by%20app%20protection%20policies%3F%20We%20happen%20to%20be%20enforcing%20MFA%20in%20our%20policies%20so%20the%20devices%20are%20appearing%20in%20AAD%20as%20registered%20devices.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20are%20device%20limits%20for%20enrolled%20devices%20but%20enrollment%20means%20MDM%20and%20we%20are%20trying%20to%20be%20as%20light%20touch%20as%20possible.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20other%20option%20appears%20to%20be%20device%20limits%20in%20Azure%20but%20I%20assume%20that%20just%20means%20all%20devices%20including%20Windows%20etc%20and%20it%20only%20allows%20a%20figure%20in%20increments%20of%205....%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-883181%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Application%20Management%20(MAM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-883219%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20limits%20with%20MAM%20%2F%20APP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-883219%22%20slang%3D%22en-US%22%3EHi%3CBR%20%2F%3E%3CBR%20%2F%3EIt's%20not%20limit%20the%20amount%20of%20MAM%20devices%20as%20far%20as%20I%20know.%20You%20can%20only%20limit%20the%20amount%20of%20MDM%20enrollments%2C%20but%20that's%20a%20shared%20counter%20for%20all%20platforms.%3CBR%20%2F%3E%3CBR%20%2F%3EWhy%20are%20you%20trying%20to%20limit%20the%20amount%20of%20devices%20a%20user%20uses%3F%20I%20wouldn't%20worry%20about%20it%20too%20much%2C%20there%20is%20no%20downside%20for%20having%20a%20lot%20of%20devices.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-883226%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20limits%20with%20MAM%20%2F%20APP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-883226%22%20slang%3D%22en-US%22%3E%3CP%3EI%20think%20it%20is%20in%20terms%20of%20a%20reduced%20attack%20surface%20if%20a%20user%20has%20many%20devices%20which%20could%20be%20compromised.%20I've%20just%20been%20asked%20if%20we%20can%20do%20it%20so%20am%20looking%20into%20the%20options.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-883261%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20limits%20with%20MAM%20%2F%20APP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-883261%22%20slang%3D%22en-US%22%3EOne%20option%20might%20be%20to%20require%20a%20PIN%20code%20before%20accessing%20the%20container%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-885142%22%20slang%3D%22en-US%22%3ERe%3A%20Device%20limits%20with%20MAM%20%2F%20APP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-885142%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F198857%22%20target%3D%22_blank%22%3E%40Mark%20Wilson%3C%2FA%3E%26nbsp%3BThere%20is%20no%20such%20limit%20for%20MAM%20aka%20azure%20AD%20registered%20devices%20however%20for%20MAM%20%2Cyou%20can%20have%20app%20protection%20policies%20to%20secure%20the%20data%20with%20PIN%20and%20store%20the%20data%20only%20on%20cloud%20(onedrive%2Fsharepoint)%20and%20lock%20the%20app%20every%205%20min%20of%20inactivity%20etc%20.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Is there a way to limit the number of devices a user signs into apps protected by app protection policies? We happen to be enforcing MFA in our policies so the devices are appearing in AAD as registered devices.

 

There are device limits for enrolled devices but enrollment means MDM and we are trying to be as light touch as possible.

 

The other option appears to be device limits in Azure but I assume that just means all devices including Windows etc and it only allows a figure in increments of 5....

 

 

4 Replies
Highlighted
Hi

It's not limit the amount of MAM devices as far as I know. You can only limit the amount of MDM enrollments, but that's a shared counter for all platforms.

Why are you trying to limit the amount of devices a user uses? I wouldn't worry about it too much, there is no downside for having a lot of devices.
Highlighted

I think it is in terms of a reduced attack surface if a user has many devices which could be compromised. I've just been asked if we can do it so am looking into the options.

Highlighted
One option might be to require a PIN code before accessing the container?
Highlighted

@Mark Wilson There is no such limit for MAM aka azure AD registered devices however for MAM ,you can have app protection policies to secure the data with PIN and store the data only on cloud (onedrive/sharepoint) and lock the app every 5 min of inactivity etc .