itpro_mam
0 (0 Likes / 0 Dislikes)
In this video, you learn how to protect content
contained within your mail system
by using managed app policies
in Microsoft Intune.
You would use these policies
with conditional access
which restricts access to email
based on your company's device enrollment
and compliance policies.
Managed apps are typically available
in stores for all devices.
When a user installs
and runs the app on their device,
the policy will be enforced.
Users can be required to enter a PIN
or their work account credentials for access.
These apps only allows users
to save data files
to One Drive for business
and prevent pasting of data
to any non-managed app.
Data is also protected by encryption.
If devices are repurposed,
or if their users leave the company,
corporate data is automatically removed.
However, all personal data
remains untouched.
The app automatically reverts
to a personal app
and remains on the device.
Let's now look at how
these managed app policies
are configured and deployed
using the Intune admin console.
The first step is to create
an app restriction policy.
App restriction policies allow you to enable
a specific set of settings on an app.
These settings can require an app PIN
or corporate credentials,
require uploading to One Drive for business,
and prevent pasting of content
to non-managed applications.
After you set up the app policy,
you assign the policy to specific apps
you want to manage.
You'll need to apply this policy
to one or more groups.
Let's choose the engineering group.
As soon as the app restriction policy is enabled,
users in this group will need to comply
with the policy rules
in order to use the managed app.
The basic premis of this feature set
is to prevent data leakage by leveraging
four sets of capabilities.
We deliver these capabilities
by first enabling the application
to support the data loss prevention settings,
and second, delivering the configuration policy
to control the settings.
Applications, whether
they are Microsoft applications
like the Office suite of mobile apps
or third party applications
are enabled by leveraging
the Intune software development kit.
The administrator is then able to define
the data loss prevention polcies
within the Intune admin console,
defining the applications
these settings should apply to
and for what set of users?
That's it.
Now you know how to enable users
to be productive
while protecting corporate data at the same time
all by using managed app policies
in Microsoft Intune.