Intune App Protection Policy | Intune MAM
ฝัง
- เผยแพร่เมื่อ 8 ก.ค. 2024
- #IntuneApplicationProtection #IntuneAppProtection #Intune #IntuneMAM
What is Intune App Protection Policy?
How to create Intune App Protection Policy?
Microsoft Article - Conditional Launch - docs.microsoft.com/en-us/intu...
Regards,
ConceptsWork - วิทยาศาสตร์และเทคโนโลยี
20:02 itself was well worth watching this video, even if I was aware most of the stuff before that part.
Another greate video, intune is booming thank you for this videos
Genius you are !!!
Really helpful videos,great explanation!
Thank you so much!
Your videos are awesome, thank you.
Really informative. Appreciate your great efforts.
You are really amazing! The depth of knowledge you have .. in every aspect you teach.. plus you go extra mile to show some hidden and unknown tricks..it really is great watching your series..thank you for your all hard work..👍🏻
Thank you so much 😀
Awesome video
Thank you for the video - it helped massively in my understanding how to set up App Protection.
Glad it helped
Great Thanks
You are doing a great job, really helpful. Thanks for all you hard work .
It's my pleasure
love all of your work. very educational and helpful
Thank you! Cheers!
Another great one, all your videos should help me with my coming up exam, in addition with all the other material I studied... thanks
Happy to help!
You are absolutely brilliant. Thank you so much for this
Glad it helped 😊
@@ConceptsWork Quick question. Would MAM work in the same manner if a user has outlook already configured with work email before they were added to the policy?
Great series of videos! I found that you have not covered concepts like Conditional Access and deploying custom Line of Business (LOB) apps? Could you please post a video on those? - enforcing a Conditional Access rule with Intune App Protection policy for Microsoft apps and custom Line-of-Business apps?
Great effort.
Thank you! Cheers!
Hi,
Thanks for the awesome learning video.
Can you please explain a bit more on "select apps to exempt" (explained @ 6:41).Please let me know how to easily find the string/URLS required to configure this feature for third party apps in iOS platform.
Hi,
Thanks for the awesome learning videos.
i have small question .is there a setting to block users from removing apps on Mobiles
Hi Need help, Can we block factory reset option for user in android device via Intune
Fantastic video! Just one question. Are users required to register their device with Azure AD for app protection policies to work? Or is this only required if they are linked with a conditional access policy?
No device registration is not required for Intune MAM.
If the app protection policy is applied it can keep from copying & pasting corporate data, but is there a way to keep corporate devices and especially BYOD users from screenshotting protected documents and apps without disabling the camera?
Thanks for your videos
I have question here l. Does the assignment group must be the same users have MAM scope applied???
It can be same and different as well.
Consider a scenario where you want to enable MAM for all the users in your enterprise, but you have created two different app protection policy for IT/Finance.
IT and Finance users may exists in different group.
How it will work ?
MAM user scope will contain the users from both the group, where the app protection policy created for a specific group will to applied to a particular user.
Do you need to also use a conditional access policy with mam? Are they/can they be linked in some way?
Please check this link - docs.microsoft.com/en-us/mem/intune/protect/app-based-conditional-access-intune
Your videos are having in depth explanation's, Please keep sharing. Below is my question, Kindly clarify me on this.
Airwatch is the MDM solution used in my environment for corporate Devices.
As you said MAM policies will apply for user identity not for device identity. Assume a scenario, whereas the same user identity is having both corporate and BYOD device, So if apply a MAM policy to a user, will it apply to the managed apps in both corporate and BYOD device ?
If yes, is there any way where i can deploy the separate MAM policies with different actions to control the managed apps in both corporate and BYOD device used by the same user identity?
Yes you can scope MAM policies to managed devices and unmanaged devices. Please check "Target to apps on all device types" option in app protection policy.
Be very specific about user scoping, make sure the settings and scope should not overlap between two different policies.
@@ConceptsWork Thank you for your reply. Actually my users corporate devices are enrolled in Airwatch not in Intune and users BYOD devices are not enrolled in Intune. In this case, can we apply two separate app protection policies for the same user identify configured on both the devices ?
Thank you for the great video. It is very useful and educational. I just tested this out and notice that attachment in outlook cannot to be save to other location other than what is specified but have the option to share file via where I can select gmail, box, dropbox.. etc. anyway to block this too?
Please make sure that you have selected the option of only policy managed apps instead of policy managed apps with open-in/sharing filtering.
Thank you very much for your video, i set it up and it works. Could it be that it takes some time or should it work immediately?
i was testing it with my outlook app and somehow it didn't work at first but suddenly it did?
At times it might take couple of minutes to reflect, to check the last policy sync time, use Microsoft Edge on the phone and navigate to about:intunehelp
Hi What emulator are you using?
After having done this, how do we disable so users can't access email by enrolling with intune mdm through company portal with normal outlook client?
If your question is, how to make sure the access is given only on protected applications, you can implement it through conditional access.
docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-protection-based-conditional-access
In Assignments section, which group can compliance with the policy? I mean only the group that have Intune and Premier O365 License, right?
Yes to use intune MAM, you need license assigned to the user.
Also if there are any issues in terms of any setting that you have implement, please check the "help and troubleshooting section" on endpoint.microsoft.com, select user and then select the respective setting that you want to check, the portal will highlight, if there are issues, and guess what the first check if for license.
Happy learning.
Thanks in advance. Can we use VM for autopilot? Somebody told me we can use only physical device. I could not find anything in google.
Yes you can use VM for Windows Auto Pilot as well.
Thank you.
Good informative video. Can you elaborate more about policy managed apps..?.. i mean policy managed apps means..only the app which u added in the policy.?
Any app can be policy managed app, if it has been developed using Inutne SDK or wrapped with Intune.
All the office 365 applicaitons are by default policy managed Application
@@ConceptsWork thanks for your reply.. we have a scenario like this .. we deployed this policy to a test user for Microsoft team. When user click " join meeting " from his email and select "edge" as browser.user will able to join..but if he select "chrome" it will block... Is this because of the above settings..?
Yes it's app protection policy.
@@ConceptsWork but i did not add "edge" along with teams. And also i tested with one more browser which is "web@work" (from mobile iron) that too allows me to join the meeting..
Please navigate to this link - docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-ios
And search for "Restrict web content transfer with other apps"
Hi ,
I configured the same policy for my android mobile in test env but
When the users are already logged in to the applications they are not getting the policy effected once i logged out and logged in again the policy started working..
Can you help me which step i should correct because i cant say the users to sign out and sign in
Please help
Hi can you please tell me as we can assign apps on user grouo not device group, so how to manage software that has device license not users in intune. (windows) please help
Hello Samy, can you share an example please.
Also app assignment for user has nothing to do with app specific license.
@@ConceptsWork For example user 1 login to pc and can use apps, but if user2 login on same pc he cant see apps, i understand apps can pe applied to user group not to device based group. so if some user wants to work on someapp which is not installed on that PC, how he can use that apps on same pc
@@ConceptsWork in simple words when user1 login he can see apps on pc and when other user login on same pc he cant see app.. is their anyway apps get installed on device.. devices are enrolled in intune
I do not think if you need to enable mam user scope for ios and android devices. This is only for Windows devices. Please check
Yes you are right, it is required for windows, I was covering App protection concepts in general, will highlight this specifically in windows information protection video.
How to check which user using this policy?
I wanted to find which user using this policy and how many apps they are using?
Thank you in advance.
Go to troubleshooting and support, select you user and then check the policies which are applied.
Buddy, i did the exact same thing, but the Deployment status still shows as 'No'
Sorry i realized that i had added the group to be excluded and not included under ' Assignment'.