Get ready for Windows Information Protection in Windows 10/11
Enable mobile application management (MAM) for Windows 10/11 by setting the MAM provider in Azure AD. Setting a MAM provider in Azure AD allows you to define the enrollment state when creating a new Windows Information Protection (WIP) policy with Intune. The enrollment state can be either MAM or mobile device management (MDM).
Windows Information Protection (WIP) policies without enrollment has been deprecated. You can no longer create WIP policies for unenrolled devices.
To configure the MAM provider
Sign in to the Microsoft Intune admin center.
Select All services and choose M365 Azure Active Directory to switch dashboards.
Select Azure Active Directory.
Choose Mobility (MDM and MAM) in the Manage group.
Click Microsoft Intune.
Configure the settings in the Restore default MAM URLs group on the Configure pane.
MAM user scope
Use MAM auto-enrollment to manage enterprise data on your employees' Windows devices. MAM auto-enrollment will be configured for bring your own device scenarios.
Select if no users can be enrolled in MAM.
Select Azure AD groups that contain users who will be enrolled in MAM.
Select if all users can be enrolled in MAM.
MAM discovery URL
The URL of the enrollment endpoint of the MAM service. The enrollment endpoint is used to enroll devices for management with the MAM service.
MAM compliance URL
The MAM compliance URL is not supported for Microsoft Intune. This input box must be left blank for protection policies to apply.
Submit and view feedback for