itpro_mam

In this video, you learn how to protect content contained within your mail system by using managed app policies in Microsoft Intune. You would use these policies with conditional access which restricts access to email based on your company's device enrollment and compliance policies. Managed apps are typically available in stores for all devices. When a user installs and runs the app on their device, the policy will be enforced. Users can be required to enter a PIN or their work account credentials for access. These apps only allows users to save data files to One Drive for business and prevent pasting of data to any non-managed app. Data is also protected by encryption. If devices are repurposed, or if their users leave the company, corporate data is automatically removed. However, all personal data remains untouched. The app automatically reverts to a personal app and remains on the device. Let's now look at how these managed app policies are configured and deployed using the Intune admin console. The first step is to create an app restriction policy. App restriction policies allow you to enable a specific set of settings on an app. These settings can require an app PIN or corporate credentials, require uploading to One Drive for business, and prevent pasting of content to non-managed applications. After you set up the app policy, you assign the policy to specific apps you want to manage. You'll need to apply this policy to one or more groups. Let's choose the engineering group. As soon as the app restriction policy is enabled, users in this group will need to comply with the policy rules in order to use the managed app. The basic premis of this feature set is to prevent data leakage by leveraging four sets of capabilities. We deliver these capabilities by first enabling the application to support the data loss prevention settings, and second, delivering the configuration policy to control the settings. Applications, whether they are Microsoft applications like the Office suite of mobile apps or third party applications are enabled by leveraging the Intune software development kit. The administrator is then able to define the data loss prevention polcies within the Intune admin console, defining the applications these settings should apply to and for what set of users? That's it. Now you know how to enable users to be productive while protecting corporate data at the same time all by using managed app policies in Microsoft Intune.