Share via

When do I use IntuneMAMUPN and IntuneMAMOID with app protection policies?

D__R_105 20 Reputation points
2025-02-13T16:51:20.4933333+00:00

I'm setting up some app protection policies in my tenant and am going to enforce them with a conditional access policy. I was reading about the need to create a configuration policy for each app for the IntuneMAMUPN and IntuneMAMOID settings. (https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policies) But I dont fully understand if I need to or not.

  1. If I create 2 app protection policies - one for enrolled device and one for unmanaged devices am I correct in say I need to create the configuration policy so that the conditional access policy gets the IntuneMAMUPN and IntuneMAMOID settings from the managed device?
  2. If I only create 1 app protection policy and apply it to all devices regardless of if they are managed or unmanaged, do I still create a configuration policy with those settings?
  • FYI I know I need to create the app protection policy for both Android and iOS.
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,569 questions
0 comments
Accepted answer
  1. Xenia-MSFT 5,095 Reputation points Microsoft External Staff
    2025-02-14T02:31:50.9533333+00:00

    @D__R_105 Thanks for posting in our Q&A.

    When I access the link you provided, it shows "Bad Request". Maybe the correct link is in the following:

    https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policies#device-management-types

    1.Based on my understanding, for intune enrolled devices and the app protection policy only protected the following apps, it is not needed to configure IntuneMAMUPN and IntuneMAMOID settings. These values will be automatically sent.

    Microsoft Excel

    Microsoft Outlook

    Microsoft PowerPoint

    Microsoft Teams

    Microsoft Word

    https://techcommunity.microsoft.com/blog/intunecustomersuccess/support-tip-intune-mam-users-on-iosipados-userless-devices-may-be-blocked-in-rar/4254335?after=MjQuMTF8Mi4xfGl8MTB8MTMyOjB8aW50LDQyNzY5NTYsNDI2MDEyNw

    For intune unmanaged devices, it is still not needed to configure IntuneMAMUPN and IntuneMAMOID settings.

    2.Please note that app protection policy is only applied to user group, not device group. If you don't care if the device is enrolled to intune, it is not needed to configure IntuneMAMUPN and IntuneMAMOID settings.

    Hope it will help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.