MAM and Intune: Sandboxing Corporate Data

In line with all of Microsoft’s products, Intune is designed to deliver top security for corporate data while optimizing user productivity. In this case, we’re focusing specifically on mobile devices and their apps. Intune is the component of Microsoft’s Enterprise Mobility + Security (EMS) that manages mobile devices and apps. Let’s take a look at the difference between mobile device management (MDM) and mobile app management (MAM) with Intune. In particular, I’d like to highlight the isolation of corporate and personal data for mobile security. You can learn more about Intune and MAM on Microsoft’s website as well.

Mobile Device Management (MDM) and Intune



Intune uses the protocols or APIs available in each mobile operating system for device-oriented tasks. These include:

Mobile App Management (MAM) and Intune



App management, on the other hand, assumes these kinds of tasks related to mobile apps:

Isolation of Corporate and Personal Data

One of the things I want to point out here is the useful method of isolating or “sandboxing” corporate data from personal data. This keeps a user’s personal information out of corporate IT awareness, protecting the user’s privacy. That means when using Intune MAM policies for protection, IT can’t delete your personal photos.



Likewise, this app management can restrict the use of corporate data (such as by blocking copying and pasting or saving) and remove corporate data from the mobile app when necessary (called selective wipe or corporate wipe). By associating an Azure AD identity with Intune MAM policies, the OS automatically sorts and isolates the two data sets.

Closing Thoughts on MAM with Intune



If you want to allow your users to securely access corporate data on personal devices, then MAM with Intune is the solution you’ve been looking for. Users can sign in to their devices with their personal identity and create a sandboxed area for corporate data.

MAM policies only apply to apps that are protected by your IT organization. Certain apps, such as Outlook and OneDrive, allow both corporate and personal profiles to coexist. If a selective wipe command is sent via Intune, then it only removes the work profile. It’s mobile management that makes sense and works well for personal devices.

For a different kind of data management—one where you want to consolidate rather than sandbox—see our article on streamlining and improving your view of your company’s customers.
