Working on Enabling MAM Policies

Question

Hi All,

I am working on enabling MAM policies so that BYOD devices can access company email even without the device being enrolled with Intune.
I can see the App protection policies, where I can set up rules for Outlook. Today we have conditional access requiring Compliant devices — but should Conditional access policies then be removed for BYOD devices – or how is this to be set up? As for company devices, we still have full enrollment of devices.

Posted by Peder Jensen in HTMD FB Group

Answers ( 2 )

  1. Replied by Peder Jensen

    Yes ok – Think we will start with a single user and then exclude the current running CA – and then add them to the new CA requiring app protection

    Replied by Sanjay Mittal

    You can create a group and start with one, set exclusions on the group, and see how it goes. Don’t forget Microsoft Intune takes up to 2 hours to sync policies, so don’t think it’s not working. I have used this all over, and it works well.

    Replied by Phrank Michael Martian

    The difference between MAM and MDM seems silly to me.
    Manage the devices.
    Have the users enroll their devices to access company data on their mobile devices.
    Just use security groups to manage them, and when they’re off-boarded, you can be confident that nobody can access company resources from non-enrolled devices.

  2. Replied by Sanjay Mittal

    If your organization currently requires ‘Compliant devices’ to access resources like email, this policy might need to be modified for BYOD scenarios. You can configure exceptions within your Conditional Access policies specifically for BYOD devices, allowing them to bypass the ‘Compliant devices’ requirement while enforcing MAM policies.

    Replied by Peder Jensen

    Ok – so our current CA policies require device compliance. It should be set up with a filter for devices that are non-corporate, to exclude those,
    and then new policies made for personal devices that require app protection policies.

    Replied by Sanjay Mittal

    Create a security group, assign them, and add them to exclusions under users. You can do it either for users or devices; for devices, you need to create a device group.
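
As an added example (not part of the thread and not the posters' or Microsoft's code), the pilot setup discussed in the answers can be written as two Conditional Access policy bodies in the Microsoft Graph `conditionalAccessPolicy` shape, with a check that every group excluded from the compliant-device policy is picked up by an enforced policy. The group ID, display names and helper function names are assumptions.

```python
# Added example: policy bodies follow the Microsoft Graph conditionalAccessPolicy
# schema; the group object ID below is a placeholder, not a real tenant value.
PILOT_GROUP_ID = "00000000-0000-0000-0000-000000000001"

def build_policies(pilot_group):
    apps = {"includeApplications": ["Office365"]}
    compliant = {
        "displayName": "Require compliant device (corporate)",  # assumed name
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeGroups": [pilot_group]},
            "applications": apps,
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]},
    }
    app_protection = {
        "displayName": "Require app protection policy (BYOD pilot)",  # assumed name
        # Report-only is a common first step, but it enforces nothing yet.
        "state": "enabledForReportingOnly",
        "conditions": {
            "users": {"includeGroups": [pilot_group]},
            "applications": apps,
            # Assumption: other platforms for pilot users are covered elsewhere.
            "platforms": {"includePlatforms": ["android", "iOS"]},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["compliantApplication"]},
    }
    return compliant, app_protection

def uncovered_exclusions(policies):
    """Groups excluded by some policy that no *enforced* policy includes."""
    excluded, included = set(), set()
    for policy in policies:
        users = policy["conditions"]["users"]
        excluded.update(users.get("excludeGroups", []))
        if policy["state"] == "enabled":
            included.update(users.get("includeGroups", []))
    return sorted(excluded - included)

if __name__ == "__main__":
    compliant, app_protection = build_policies(PILOT_GROUP_ID)
    print("gap while report-only:", uncovered_exclusions([compliant, app_protection]))
    app_protection["state"] = "enabled"
    print("gap once enforced:", uncovered_exclusions([compliant, app_protection]))
```

The check flags the window in which the pilot group is already excluded from the compliant-device policy while the app protection policy is still in report-only mode.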
