MAM Policies - App

Question

Hi All,

I need your suggestions on below clarifications pls

1. We don't want to enroll devices directly in Intune, but wanted to manage unenrolled devices. In this case, what user scope should i set

MAM.png

1. For app protection policy to get applied on the device, should i deploy outlook app to unenrolled devices and only then it will get applied. Should i configure something under app configuration profile.
2. Can i apply conditional access policies in unenrolled devices.

Please advice

Answer 1

“For app protection policy to get applied on the device, should i deploy outlook app to unenrolled devices and only then it will get applied. Should i configure something under app configuration profile.” - You can only deploy apps to a managed device. What you need is to setup App protection and app configuration policies to apply through MAM channel.

“Can i apply conditional access policies in unenrolled devices.” - Yes you can by using APP as the condition in CA. For this to work, you will obviously need to make sure that the App you want to manage supports Intune SDK in order to apply APP through MAM channel in the first place.

Answer 2

@karthik palani Thanks for posting in our Q&A.

“We don't want to enroll devices directly in Intune but wanted to manage unenrolled devices. In this case, what user scope should I set”

----Yes, you can configure as it shows in the picture. Based on my experience, what "MDM user scope" you configured will not affect MAM.

Hope it will helpful.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.