Forum Discussion
Intune App Protection (MAM without enrollment) for BYOD devices
I would appreciate feedback from anyone who has deployed Intune App Protection without enrollment (i.e., MAM-WE) for BYOD scenarios where end users can access Teams and Outlook on their own personal devices without needing to enrol their devices into management in Intune.
Is Intune APP without enrolment sufficient to ensure data security on BYOD devices?
3 Replies
Hi Gurdev Singh,
From recent experience, it works really good for Windows BYOD devices. For IOS and Android, it works great as well, you don’t need to enroll the devices and you can force policies for some or all msft apps. I think the setup for IOS and Android are straight forward, but for Windows I thought some walkthrough guide might help to get better results, this blog by Peter was very helpful and a good start:
Hope this helps and good luck!
Moe
https://www.inthecloud247.com/force-windows-information-protection-with-conditional-access/- App protection policies are indeed a perfect method to secure your data in the apps, if good configured. WIth app protection you can be sure the company data isn't transferred to personal apps.
But of course there are some requirements (authenticator apps/companyportal --> android - -> not enrolled), just installed)
Here are some blogs
https://call4cloud.nl/2021/03/app-protection-attack-of-the-os-sharing/
https://call4cloud.nl/2021/03/the-chronicles-of-mam/
https://call4cloud.nl/2021/03/app-protection-resurgence/- thank you for the links @Rudy.
