Understanding Mobile Application Management (MAM) with Microsoft Intune

Introduction

In this document, we aim to provide a comprehensive understanding of Mobile Application Management (MAM), introduce our mobile apps tailored for Microsoft Intune, outline the current policy support and restrictions of our Intune app, guide you through the requirements and steps to set up Intune-compatible apps, explain how these apps function within your organization, and address some frequently asked questions.

Understanding Mobile Application Management (MAM)

Mobile Application Management (MAM) is a potent tool empowering organizations to secure and manage mobile apps deployed on employees' devices. MAM's primary focus is safeguarding the data within the app itself, rather than the device. This approach allows you to protect sensitive organizational data while affording users the flexibility to use their devices for both personal and work purposes.

Our Mobile Apps for Intune

We are delighted to introduce our mobile apps, purpose-built for Microsoft Intune. These apps are available for both Android and iOS devices as native and branded apps ensuring a seamless experience for your entire workforce.

Policy Support and Restrictions

Our Intune app comes equipped with a range of default policies designed to enhance security and control:

1. Require Biometrics to Open the App: You can mandate the use of Face ID or a PIN code, with the option for users to select Face ID if their device supports it. This can be controlled through Intune policy. Please note that Android only supports PIN, whereas iOS supports both Touch ID and Face ID based on device compatibility.

2. Require Encryption of Organizational Data: Encryption of organizational data can be enforced through Intune policy.

3. No Backups: Our app does not offer a backup option, ensuring that sensitive data remains under your organization's control.

4. No Jailbroken Devices: We fully support Intune policies to block jailbroken or rooted devices.

5. Prevent Copying and Pasting: Content copying and pasting can be controlled via Intune policies.

6. Detailed Messages on Locked Mobile Screens: While there is no specific Intune policy for this, it can be managed through OS settings.

7. Reauthorization and Access Restriction: Our app aligns with Single Sign-On (SSO) configurations and timeouts, providing you with control over access.

8. Restrict Web Content to Display in the Managed Browser: Our app supports the Intune policy to restrict web content to display only on managed browsers.

Requirements and Steps to Apply Policies on Our App

To apply policies to our Intune-compatible app, follow these steps:

1. App Addition: Ensure you have added our app in your Intune account by following the provided documentation.

2. Provide App Configuration File for Branded Apps: Provide the values generated post app registration in Azure AD. Reference document link: Azure Configuration - Intune.

   • Simpplr will provide the package name and signature hash to set up the app in Azure AD

3. Policy Configuration: Set up Intune policies according to your security requirements.

4. Apply Policy: Apply policies to the desired set of users and groups.

5. Deployment: Deploy our Intune-compatible app across your workforce.

Please note that setting up the app and applying Intune policies is a task typically handled by your IT team. We have limited knowledge in this area and can only support you with our app.

How Intune-Compatible Apps Function

Intune-compatible apps seamlessly integrate with your organization's security policies. They offer enhanced security features, including biometric authentication and data encryption, while preserving a user-friendly experience.

Frequently Asked Questions (FAQs)

Q1: What do I do if someone uploads protected data to our app? A: The app does not store any files on the device.

Q2: What if this data gets downloaded to a personal device and shared with other cloud environments? A: Our app does not allow users to download any data.

Q3: Do we support encryption? A: We do not support encryption on mobile, as we do not save anything locally.

Q4: Do we support blocking the app backup? A: We do not have a backup option available on the mobile app.

Q5: How often should reauthorization occur? A: The SDK will automatically prompt for login when required, based on the SSO policy added.

Q6: Can you explain the process of app updates in more detail? A: This is not related to MAM integration.

If you have any further questions or require assistance, please do not hesitate to contact our support team or mobile team.