Get ready for Windows Information Protection in Windows 10/11

Enable mobile application management (MAM) for Windows 10/11 by setting the MAM provider in Azure AD. Setting a MAM provider in Azure AD allows you to define the enrollment state when creating a new Windows Information Protection (WIP) policy with Intune. The enrollment state can be either MAM or mobile device management (MDM).

Important

Windows Information Protection (WIP) policies without enrollment has been deprecated. You can no longer create WIP policies for unenrolled devices.

To configure the MAM provider

  1. Sign in to the Microsoft Intune admin center.

  2. Select All services and choose M365 Azure Active Directory to switch dashboards.

  3. Select Azure Active Directory.

  4. Choose Mobility (MDM and MAM) in the Manage group.

  5. Click Microsoft Intune.

  6. Configure the settings in the Restore default MAM URLs group on the Configure pane.

    MAM user scope
    Use MAM auto-enrollment to manage enterprise data on your employees' Windows devices. MAM auto-enrollment will be configured for bring your own device scenarios.

    • None
      Select if no users can be enrolled in MAM.
    • Some
      Select Azure AD groups that contain users who will be enrolled in MAM.
    • All
      Select if all users can be enrolled in MAM.

    MAM terms of use URL
    The MAM terms of use URL is not supported for Microsoft Intune. This input box must be left blank for protection policies to apply.

    MAM discovery URL
    The URL of the enrollment endpoint of the MAM service. The enrollment endpoint is used to enroll devices for management with the MAM service.

    MAM compliance URL
    The MAM compliance URL is not supported for Microsoft Intune. This input box must be left blank for protection policies to apply.

  7. Click Save.

Next steps

Create a WIP policy