Some advice and suggestions wanted - to MAM or not to MAM :)


Hi people,

Hopefully I can explain this well enough. We are not fully set up with Endpoint Manager yet, to a point where I would say everything is just right and working great. We have some corporate iPads and Android phones in there and all our Windows 10 clients.

I noticed the other day that on my personal iPhone, which I enrolled afterwards by installing the Company Portal and Authenticator, MAM policies are still applied. The MAM policy it takes states it should only happen to unmanaged devices, not to managed ones.

The reason we are piloting MAM policies was so that if people lost their device, we could do a selective wipe on managed apps and get rid of company data (assuming the device goes online).

But we will probably require all to enroll their personal device if they want to access company data. This is why I am reaching out to all: if I'm going to enrol all devices, do I then need MAM policies?

One setting in the MAM policy that annoys me is the restrict cut/copy & paste from managed to unmanaged app.

Does anyone know if there is a good industry best practice for securing managed and non-managed mobile devices (iOS and Android)?

1 Reply
Hi,

I would start with reading this blog: https://call4cloud.nl/2021/03/the-chronicles-of-mam/
It describes the whole managed/unmanaged enrollment part and, most important ... why.

And this blog describes more of the options you have to restrict/sharesend to some stuff:

https://call4cloud.nl/2021/03/app-protection-attack-of-the-os-sharing/