Configure Intune Mobile Application Management Policy
When you deploy applications using Microsoft Intune, you want them to align with your company compliance and security policies. You do that by using Intune mobile application management policy. When you add a software in Intune, you cannot deploy it directly. You must configure Intune mobile application management policy first. Mobile application management (MAM) policies allows you to modify the functionality of apps. For example you can choose to encrypt app data, allow or block screen capture, etc.
Mobile app management policy cannot be deployed directly. Therefore it must be associated with a software which it will manage. MAM supports only devices that run Android 4 and later and iOS 8.0 and later. When you deploy the software, the policy the settings that you specify will take effect. In my previous post we saw the steps to add an android application to Intune. However if you try to deploy this android app without creating mobile application management policy, you will see the below message
“The software you are trying to deploy must be associated with a mobile app management policy and there are currently none defined. Create a policy from the Policy workspace.”
Configure Intune Mobile Application Management Policy
To create Intune mobile application management policy, in the Intune admin console, choose Policy > Overview > Add Policy. In Create a New Policy window, expand Software and select Mobile Application Management Policy (Android 4 and later). In the right pane select Create a policy with the recommended settings. Click Create Policy.
The new policy appears in the Configuration Policies node of the Policy workspace.
To make changes to the policy, right click the policy and click Edit. Read this article for information about the policy settings. As an example I have done some changes under Additional Policies. I have set Encrypt app data to No and Block screen capture to No. Finally click Save Policy.
In the next step you need to associate the app with a mobile application management policy, and then deploy the app. We will see this in upcoming post, until then stay excited.