Microsoft Intune App Protection Policies demo and discussion
HTML-код
- Опубликовано: 13 ноя 2020
- Most people know that Microsoft Intune is a full-featured modern/mobile device management (MDM) solution across iOS, iPadOS, macOS, Android, and Windows 10. But what many people don't know is that Intune also offers the ability to manage just the applications on an iOS, iPadOS, or Android device through the use of Mobile Application Management (MAM). The policies that make MAM possible are called App Protection Policies, and that's what we're looking at in this video.
App Protection Policies are particularly valuable for BYOD or bring your own device scenarios. They protect your organization by limiting the scope of what your own IT administrators can see and do. Users love App Protection Policies because they seem to be less of a "Big Brother" technology and protect only organizational data while leaving personal data alone.
They're also super easy to deploy and require almost zero care-and-feeding. 
Наука
![How to protect data and secure devices with Intune [App Protection Policy] 📱🔒](http://i.ytimg.com/vi/Dl9F9N0GZic/mqdefault.jpg)
Why does this not have more thumbs up? This short video gives me more useful info about Intune then the same repetitive "sales pitch" info on the MS website and other YT vids. Thanks Adam.
Im from 2 years into the future and this is the right way to do it.
I just notest that this video 3 years back - we just start to use MDM and MAM we are very late 😂😂 many thanks
No worries!
Love this adam ❤️ thanks for the info
Thanks Adam ! Great video that points the attendee to the most important points. Would be great to have one or two other videos that show "hoe to set up" the policies.
Concise! Thanks Adam. 🇰🇪
Thank you
can anyone let me know about the Screenshot?? Is it possible that we can block screenshots through app protection policy in iOS devices like Android devices
The video is missing where you talk about assigning the application policy to a user or device, and what requirements there are for it to go into effect on the device. Some discussions around devices already signed into apps that will have the controls applied, vs. Net new devices, would also be helpful
I mention that because I'm working through testing MAM-WE on an Android device and it seems like the Company Portal app might be required, though I am not positive.
You create a policy for unmanaged devices first, then you assign to a group with users in it as MAM works at application level, not device level. You then build a configuration for managed apps. If you need to troubleshoot something, go to Apps>Monitor>Application Controls and download a report and filter in Excel. Start small and note, it can take up to 8 hours for MAM to sync changes.
Hi, can I install personal software in my laptop even thoug is connected to intune?
On intune installed mobile, if we add multiple accounts to outlook or office or ms teams --- will this info be captured ? Thanks in advance.
👍🏼
what licnses i need to enable to be able to use MAM?
Why would you need biometric or pin for Outlook? Are Access Requirements really necessary?
Yes. At least on Personal device if some one who knows device password can be stopped from reading corporate data.
Hi Adam,
I'm in the process of testing the app protection policies using the public apps under Microsoft office. However, none of the controls seem to be working. Are there other profiles or policies required?
Check if the device is enrolled with intune and if the user has the required licence.
@@marvinnerio9931That’s literally the opposite of what MAM only is for.
Could you still screenshot the corporate data and share that image elsewhere?
Hello, I've been working with these policies and no, you can't take a screenshot and share it.
You can configure a policy so you can't take a screenshot of any kind of content inside the protected applications.
Let’s say there was someone with criminal intent and admin-level privileges on my employer’s IT staff…. What type of damage, hacking, or spying can they do with Intune on iOS/iPadOS? Can they screen capture, remote access my device’s cameras/microphones, keylog an iPad keyboard, read personal texts/emails, access non-work app data (like AppleID/iCloud, banking, medical records, non-work notes)? What type of Big Brother stuff does Intune enable under the worst of circumstances? 🙏
Endpoint Manager is not a spying tool. Yes an admin can enable remote access to a device and depending upon the circumstances, monitor and control. But you'd be well aware of this on an iPad. That being said, what exactly convinced you of criminal intent and theft was to follow?
@@Schnitzer325ci I’ve been paranoid since being at an employer who had a system admin who used their privileges to spy and harass a female colleague. He’s in prison now (for later crimes).