Microsoft Intune Gets Additional Mobile Client Management Capabilities

Microsoft announced some mobile application management progress this week for its Intune service.

Intune is Microsoft's mobile device management (MDM) and mobile application management (MAM) service. It's sold as part of Microsoft's Enterprise Mobility Suite licensing, which also includes access to the Azure Active Directory Premium service and the Azure Rights Management Service. This software bundle aims at delivering mobile management, identity management and rights management controls for organizations across mobile platforms.

Intune is but one solution in a crowded field. Last year, Gartner placed Microsoft in the "Visionaries" category among the various mobile management vendors out there.

Intune has been slowly evolving as a product. It gets enhanced gradually because Microsoft is tasked with addressing the MDM/MAM aspects of different mobile platforms, including Android, iOS and Windows Phone, with each platform having specific built-in capabilities. Today's announcements just described a couple of Intune-related MAM progress milestones.

Skype App Management
First up, Intune now can handle the MAM and "conditional access" aspects of mobile Android and iOS client apps for Microsoft's Skype for Business Online service, Microsoft announced today. IT pros can set client mobile application policies for Skype for Business users. They can also establish policies that will set conditions for when devices are deemed suitable to connect with an organization's network, which Microsoft calls "conditional access."

For instance, network access can be permitted only if the device is running the most up-to-date software. IT organizations can enforce the use of personal identification numbers. They can "selectively wipe corporate data while keeping personal apps and files intact," Microsoft's announcement stated.

The distinction between MAM and MDM can get nuanced. However, Intune can be used to enforce MAM policies while also using other solutions for MDM purposes, Microsoft's announcement explained. IT pros have to turn on so-called "modern authentication" in the latter scenario, though. Here's how Microsoft defined this modern authentication capability:

Modern authentication brings Active Directory Authentication Library (ADAL)-based sign-in to Office client apps across platforms. This enables sign-in features such as Multi-Factor Authentication (MFA), SAML-based third-party Identity Providers with Office client applications, smart card and certificate-based authentication, and it removes the need for Outlook to use the basic authentication protocol.

Rights Management for Android Apps
Microsoft's second Intune announcement this week is that it has extended its Azure Rights Management Service (RMS) to Android devices. The rights that get managed via Microsoft's service have to do with file access by end users. It's also possible to use Azure RMS to restrict other end user actions, such as the ability to copy and paste text across applications.

Microsoft has now integrated Android apps under Intune's MAM capabilities. For instance, an Android RMS sharing app can be used to view audio and video files, as well as PDFs, from Microsoft Outlook or other Intune-managed applications, the company announced this week. An Intune subscription is only needed if an organization wants to tap MAM capabilities for these Android RMS sharing apps.

Microsoft also has "existing viewer apps for PDF, AV and image" viewing, which are used with Intune-managed applications. However, these viewing apps eventually will get deprecated, meaning that Microsoft plans to stop developing them. "There will be notifications for organizations using these viewer apps," the company promised regarding the forthcoming deprecations, although no timeline was announced. Presumably, RMS sharing apps will be the preferred viewing apps going forward.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


comments powered by Disqus

Subscribe on YouTube