
How to protect company data on users' personal computers (BYOD)?

Due to the current health situation, a lot of people are using personal computers to access their company's information. The best practice is always to use a company device, but with the whole world needing laptops for home at once, this hasn't been possible. Most of this access has been through a Terminal Server or Citrix, which is a way of keeping control of company data: it is only streamed to the computer, which is not controlled by the company, and never stored on it. This means that if the local PC gets a virus or malware, the intruder cannot reach the data through it, and if the device is stolen the company data is still secure.

Some applications might have been set up locally because of issues such as Teams needing to stream video and audio, or email for people who want offline access (for example on a plane). The question is how to secure these items?

The answer is Intune MAM. A policy can be defined in Microsoft Intune (users will need an Intune and Azure AD P1 licence) so that users authenticating with Microsoft apps directly, or with apps that have been wrapped using the Intune App Wrapping Tool, can be managed by the Intune App Protection Policy.

MAM can be applied to iOS (Apple), Android and Windows 10 build 15063 (1703) or greater.

MAM uses WIP (Windows Information Protection) on Windows 10 devices in one of four modes:

  1. Hide overrides: Blocks enterprise data from leaving protected apps.

  2. Allow overrides: The user is prompted when attempting to relocate data from a protected to a non-protected app. If they choose to override this prompt, the action is logged.

  3. Silent: The user is free to relocate data off protected apps. These actions are logged.

  4. Off: The user is free to relocate data off protected apps. No actions are logged.
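As an added example (not from the original post), the PowerShell script below audits which of the four modes each Intune WIP policy for non-enrolled (MAM) Windows devices is actually running in, so an administrator can spot policies left in "Silent" or "Off" where data can leave protected apps without being blocked. It assumes the Microsoft.Graph PowerShell SDK is installed, that the signed-in account holds the DeviceManagementApps.Read.All permission, and that the beta Graph endpoint `deviceAppManagement/windowsInformationProtectionPolicies` with its `enforcementLevel` property is used; the mapping from those enforcement levels to the post's four mode names is this example's own assumption.

```powershell
# Added example, not part of the original post.
# Assumes: Microsoft.Graph PowerShell SDK, DeviceManagementApps.Read.All,
# and the beta Graph endpoint for WIP-without-enrollment (MAM) policies.

function Get-WipModeReport {
    Connect-MgGraph -Scopes 'DeviceManagementApps.Read.All' | Out-Null

    # Assumed mapping of Graph enforcementLevel values to the post's four modes
    $modeMap = @{
        'encryptAuditAndBlock'  = 'Hide overrides (blocked)'
        'encryptAuditAndPrompt' = 'Allow overrides (prompted, logged)'
        'encryptAndAuditOnly'   = 'Silent (allowed, logged)'
        'noProtection'          = 'Off (allowed, not logged)'
    }

    # Modes in which data can leave protected apps without a block
    $reviewLevels = @('encryptAndAuditOnly', 'noProtection')

    $uri = 'https://graph.microsoft.com/beta/deviceAppManagement/windowsInformationProtectionPolicies'
    $policies = @()

    # Follow @odata.nextLink so large tenants are fully enumerated
    while ($uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri
        $policies += $page.value
        $uri = $page.'@odata.nextLink'
    }

    foreach ($p in $policies) {
        $level = [string]$p.enforcementLevel
        $mode  = $modeMap[$level]
        if (-not $mode) { $mode = "unknown ($level)" }

        [pscustomobject]@{
            Policy           = $p.displayName
            EnforcementLevel = $level
            Mode             = $mode
            ProtectedApps    = @($p.protectedApps).Count
            EnterpriseDomain = $p.enterpriseDomain
            Check            = if ($level -in $reviewLevels) { 'REVIEW' } else { 'ok' }
        }
    }
}

# Usage: list every WIP (MAM) policy with its effective mode; rows marked
# REVIEW allow data to leave protected apps and deserve a second look.
Get-WipModeReport | Sort-Object Check -Descending | Format-Table -AutoSize
```

The `Check` column is only a prioritisation aid: "Silent" is a legitimate choice while a policy is being piloted, because its log entries show which apps users actually move data into before the mode is tightened to "Allow overrides" or "Hide overrides".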

Intune MAM policies can be added to a device after it has been enrolled; they don't need to be created at the start.