Office 365 MAM Policy

Office 365 Mobile Application Management (MAM) policies allow organization's to secure the corporate data within any Office 365 application. MDM allows organization to enforce policies that manage how the data is accessed and transfered between apps. It also allows you to block access or wipe data when the apps don't comply with the organization's security standards.

Office 365 MAM policies are applied when the user downloads the apps on any Apple or Android devices and logs in using their corporate Azure AD credentials. This means that the MAM policies can be applied to add a layer of security in BYOD deployments.

Pre-requisites

Steps

Follow the steps given below to apply the MAM policies on Office 365 apps



FEATURE

DESCRIPTION

ANDROID

IOS

DATA PROTECTION

DATA TRANSFER

Backup org data to Android backup services

Specify whether the app can backup the corporate data to Android backup services.

Backup org data to iTunes and iCloud backups

Specify whether the app can backup the corporate data to iTunes and iCloud

Send org data to other apps

Specify whether the apps can transfer data to other apps. Restrict this option to ensure corporate data is not accessed by unauthorised apps.

Receive data from other apps

Specify whether the apps can receive data from other apps. Restrict this option to ensure no malicious content is accessed by these apps

Cut, copy, paste

Select whether the user can cut, copy or paste corporate content to or from these apps.

You can choose between the following settings:

Allow: Cut, copy, paste will be allowed between all apps

Restrict: Cut, copy, paste will be restricted between all apps

Allow between policy applied apps: Allow cut, copy, paste only between the apps to which policies have been applied to.

Allow paste-in from policy applied apps: Allow content to be pasted in the app from other apps to which policies are applied to.

Screen capture and Google Assistant

Specify whether screen capture and Google Assistant are permitted while using the app.

ENCRYPTION

Encrypt org data

Specify whether the coporate data in the app should be encrypted.

FUNCTIONALITY

Snyc app with native contact app

Specify whether the app can sync the data with the native Contacts app installed on devices. This is to ensure the Phone app can access corporate contacts available in these apps.

Print org data

Specify whether the app can print the corporate data.

ACCESS REQUIREMENTS

PIN for access

Specify whether a PIN is required to access the apps

PIN type

Select the PIN type that the user must set on the device. You can select between a numeric PIN or an alphanumeric passcode

Simple PIN

Specify whether the users can set a simple PIN for accessing the apps.

Minimum PIN length

Specify the minimum PIN length to be configured by the user.

Fingerprint instead of PIN

Specify whether the user can access the apps using Fingerprint instead of the configured PIN.

TouchID instead of PIN

Specify whether the user can access the apps using TouchID instead of the configured PIN.

FaceID instead of PIN

Specify whether the user can access the apps using FaceID instead of the configured PIN.

Reset PIN after

Specify the number of days after which the user will be prompted to set a new PIN for accessing the apps.

App PIN when device PIN is set

Specify whether an app PIN is required to secure corporate data if the device already has a PIN. If Require is selected, then the user will have to configure both device PIN and app PIN.

Work or school account

Specify whether a work or school account needs to be specified for accessing corporate data. If Require is selected, the user must enter both App PIN and the work or school account.

Recheck access requirements upon inactivity

Specify the inactivity time after which the app must check the access requirements and conditional launch settings to grant access to the app.

CONDITIONAL LAUNCH

APP CONDITIONS

Maximum PIN attempts

Specify the number of incorrect PIN attempts after which the corporate data must be wiped from the apps.

Offline grace period

Specify the duration of offline access, after which the corporate data should be wiped or access to the app be blocked.

Minimum app version

Specify the minimum app version that must be installed on the device to access corporate data. You can configure two app versions with different actions to be performed. You can choose between notifying the user or blocking access to the app till the app is updated.

Minimum SDK version

Specify the minimum Intune app protection SDK version to access the corporate data. You can configure two SDK versions with different actions to be performed. You can choose between notifying the user or blocking access till the SDK version is updated.

DEVICE CONDITIONS

Minimum OS version

Specify the minimum OS version for accessing corporate data. You can configure two OS versions with different actions to be performed. You can choose between notifying the user or blocking access till the OS version is updated.

Minimum patch version

Specify the minimum patch version for accessing corporate data. You can configure two patch versions with different actions to be performed. You can choose between notifying the user or blocking access till the patch version is updated

 

See Also: Associating Profiles to Groups, Associating Profiles to Devices, App Management, Distribute Apps to Devices, Distribute Apps to Groups
Copyright © 2020, ZOHO Corp. All Rights Reserved.
ManageEngine