Microsoft Outlines Intune Mobile Application Management for Windows 11 -- Redmondmag.com

Microsoft Outlines Intune Mobile Application Management for Windows 11

The new Intune MAM capabilities for Windows 11 are commercially released, for the most part.

By Kurt Mackie
10/05/2023

Microsoft explained a little more this week about mobile application management (MAM) for Windows 11 devices using Microsoft Intune in a Wednesday announcement.

Intune MAM for Windows 11 devices reached the "general availability" (GA) commercial-release stage last month, per this "What's New in Microsoft Intune" document. It had been at the preview stage back in June.

New Windows 11 Support
Intune MAM for Android and iOS devices has long been available, but Microsoft had actually removed the MAM capability for Windows devices at one point, according to Atil Gurcan of the Microsoft 365 CXP team, in the Wednesday post:

It was possible to leverage MAM for unmanaged third party mobile platforms such as iOS and Android however unmanaged – or unenrolled – device support for Windows Information Protection – which was the closest to MAM – was removed quite some time ago.

Intune MAM for Windows is currently at the GA stage for use with Windows 11 version 22H2 build 10.0.22621 or later devices, according to Microsoft's GA announcement in September. It works via the Intune version 2309 release or higher.

Organizations might use Intune MAM for Windows 11 for "users who don't enroll their personal devices, but still need access to organization email, Teams, and more," the announcement explained.

Intune MAM for Windows lets organizations set blocks on printing, copying and sending business data. Organizations can also set application use conditions, such as "timeout values for offline working." Policies can be set for device health checks as well.

MAM for Windows Capabilities
The capabilities added with Intune MAM for Windows include, per Microsoft's "What's New" document:

Intune Application Configuration Policies, which lets organizations customize the user experience in the Microsoft Edge browser.
Intune Application Protection Policies for securing organizational data and checking device health via the Edge browser.
Windows Security Center integration with Intune Application Protection Policies for detecting "local health threats on personal Windows devices."
Application Protection Conditional Access, currently at preview, which checks device health before "granting protected service access via Entra ID (AAD)."

Microsoft had indicated during the preview stage that Intune MAM for Windows worked with "Microsoft Edge for Business on Windows," which is Microsoft's browser scheme that lets users access a company-branded browser that will keep work data separate from personal browsing data. The Microsoft Edge for Business browser reached the GA stage for managed devices via "Microsoft Edge version 116 or later" releases, per this "Microsoft Edge for Business" document.

Microsoft also had indicated back then that the Windows 11 Enterprise edition needed to be used with Intune MAM for Windows.

Possibly, Windows 11 Enterprise edition and Microsoft Edge for Business are required to use Intune MAM for Windows, but Microsoft never seems to make such a statement in its announcements and documents. It's FAQ document on MAM baseline requirements doesn't have such a specification.

Microsoft's Wednesday announcement, which includes a walkthrough for setting up Intune MAM for Windows, seemed to suggest that the Edge browser is needed to get some of the MAM for Windows protections, though.

Here's how that possible Edge browser dependency was expressed:

When available applications are listed for the Application Protection Policy for Windows platform, the only application that will be listed is Microsoft Edge. – First thing to note here; APP on Windows is available on Microsoft Edge only. At least for now. We will see how and if other applications will be supported with this feature.

This new MAM Intune capability for Windows devices seems to have flown under the radar screen. It's perhaps big news that Microsoft is now supporting its own operating system, Windows 11, after having supported Android and iOS for years.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.