Securing Core Microsoft Apps for BYOD Devices with Microsoft MAM

In today's mobile-first world, businesses face the challenge of securing corporate data on personal devices, known as Bring Your Own Device (BYOD).

Employees often fear that allowing organisations access to their devices means their personal data could be monitored. However, Microsoft Mobile Application Management (MAM) provides a solution that focuses solely on controlling and securing company-owned data and applications, leaving personal data untouched. This blog explores the benefits of Microsoft MAM for data protection and access requirements on BYOD devices.

What is Microsoft MAM?

Microsoft MAM, part of Microsoft Endpoint Manager, focuses on securing and managing apps and data on devices, unlike traditional Mobile Device Management (MDM), which manages the entire device. This approach is more flexible and user-friendly for BYOD scenarios.


Differences Between MDM and MAM

Understanding the differences between Mobile Device Management (MDM) and Mobile Application Management (MAM) is crucial for determining the best approach for your organisation.

Mobile Device Management (MDM)

Management Focus:
  • Manages the entire device, including settings, security policies, and apps.
Control Scope:
  • Controls the whole device, allowing actions like wiping, locking, and enforcing passwords.
Security Focus:
  • Secures the device, user, and app with features like encryption, VPN, and threat management.
App Deployment:
  • Allows IT to push and install apps directly onto devices.
Management Capabilities:
  • Provides basic app management for installation and updates.

VS

Mobile Application Management (MAM)

Management Focus:
  • Manages and protects enterprise applications and their associated data.
Control Scope:
  • Controls only the apps, enforcing security policies at the application level.
Security Focus:
  • Focuses on app security, setting conditions for app usage and preventing unauthorised access.
App Deployment:
  • Enables IT to push and install apps from a catalogue while allowing users to install approved enterprise apps.
Management Capabilities:
  • Offers advanced app management throughout the application lifecycle, including OTA distribution and integration with app stores.

Key Benefits of Microsoft MAM

  1. Enhanced Data Protection
    Microsoft MAM enhances data protection by enforcing policies that control how corporate data is accessed, used, and shared within managed apps.
    • Data Encryption: Ensures data within managed apps is encrypted both at rest and in transit, protecting sensitive information from unauthorized access.
    • Selective Wipe: Removes only corporate data and apps from lost or compromised devices, leaving personal data intact, respecting user privacy.
  2. Flexible Access Requirements
    Microsoft MAM provides flexible access controls, allowing employees to use personal devices for work without compromising security.
    • Conditional Access: Integrates with Azure Active Directory (Azure AD) to enforce policies based on device compliance, user location, and risk level, ensuring secure access.
    • Single Sign-On (SSO): Reduces the need for repeated credential entries, improving user experience and minimizing the risk of password fatigue and exposure.
  3. Comprehensive App Management
    Microsoft MAM offers robust tools for managing and deploying apps on BYOD devices, ensuring users have the latest versions and security updates.
    • App Configuration: IT admins can configure managed apps to meet organisational requirements, defining how apps behave and interact with corporate data.
    • App Protection Policies: Enforces policies that define how data within managed apps is protected, including restrictions on data transfer, app usage, and compliance.

Policy Support and Restrictions

Microsoft MAM comes with a variety of default policies designed to enhance security and control:

Data Protection Policies

  1. Data Transfer:
    • Allow users to save copies to selected services
    • Transfer telecommunication data to specified destinations
    • Transfer messaging data to specified destinations
    • Receive data from other apps
    • Open data into organisational documents
    • Allow users to open data from selected services
    • Restrict cut, copy, and paste between apps
    • Set cut and copy character limits for any app
    • Control screen capture and assistant functionalities
    • Use approved keyboards
  2. Encryption:
    • Encrypt organisational data
    • Encrypt organisational data on enrolled devices

Functionality

  • Sync policy-managed app data with native apps or add-ins
  • Print organisational data
  • Restrict web content transfer with other apps
  • Enable organisational data notifications
  • Start Microsoft Tunnel connection on app launch

Access Requirements

  1. PIN for Access:
    • Set PIN type and minimum length
    • Allow biometrics instead of PIN
    • Set timeout for activity
  2. Require work or school account credentials for access
  3. Recheck access requirements after a specified inactivity period

Conditional Launch

  1. App Conditions:
    • Max PIN attempts
    • Offline grace period
    • Minimum app version
    • Disable account if necessary
  2. Device Conditions:
    • Allowed distributions
    • Block jailbroken/rooted devices
    • Set minimum and maximum OS versions
    • Set minimum patch version
    • Specify device manufacturers
    • Check store integrity verdict
    • Require threat scan on apps
    • Require device lock
    • Set minimum and maximum Company Portal versions
    • Define the maximum allowed device threat level
    • Set primary mobile threat defence (MTD) service
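
The data protection, access requirement and conditional launch settings listed above can be checked automatically once a policy is exported as JSON. The following is an added example, not code from this post or from Microsoft: it audits an Android app protection policy against a baseline, using property names from Microsoft Graph's androidManagedAppProtection resource. The baseline thresholds and the sample policy are assumptions made for illustration.

```python
import re

def _ver(v):
    """Turn '12.0' into (12, 0) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", str(v)))

# (Graph property, predicate on its value, what the assumed baseline expects)
BASELINE = [
    ("allowedOutboundDataTransferDestinations",
     lambda v: v in ("managedApps", "none"), "send org data to managed apps only"),
    ("allowedOutboundClipboardSharingLevel",
     lambda v: v in ("managedApps", "managedAppsWithPasteIn", "blocked"),
     "restrict cut/copy/paste to managed apps"),
    ("saveAsBlocked", lambda v: v is True, "block save-as to unmanaged storage"),
    ("screenCaptureBlocked", lambda v: v is True, "block screen capture"),
    ("encryptAppData", lambda v: v is True, "encrypt organisational data"),
    ("pinRequired", lambda v: v is True, "require a PIN for access"),
    ("minimumPinLength", lambda v: isinstance(v, int) and v >= 6,
     "PIN length of 6 or more"),
    ("maximumPinRetries", lambda v: isinstance(v, int) and 1 <= v <= 5,
     "at most 5 PIN attempts"),
    ("minimumRequiredOsVersion", lambda v: bool(v) and _ver(v) >= (12,),
     "minimum OS version of 12 or later"),
]

def audit_policy(policy):
    """Return (property, actual value, expectation) for every failed rule."""
    findings = []
    for prop, ok, expectation in BASELINE:
        value = policy.get(prop)  # absent and unset (null) both become None
        if not ok(value):
            findings.append((prop, value, expectation))
    return findings

# Constructed sample policy, not a real tenant export.
SAMPLE_POLICY = {
    "displayName": "BYOD Android (constructed sample)",
    "allowedOutboundDataTransferDestinations": "allApps",
    "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
    "saveAsBlocked": False,
    "screenCaptureBlocked": True,
    "encryptAppData": True,
    "pinRequired": True,
    "minimumPinLength": 4,
    "maximumPinRetries": 5,
    "minimumRequiredOsVersion": None,
}

if __name__ == "__main__":
    for prop, value, expectation in audit_policy(SAMPLE_POLICY):
        print(f"FAIL {prop}={value!r}: expected {expectation}")
```

A setting that is missing from the export is reported the same way as one that is set too weakly, so a partially configured policy does not pass by omission.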

Securing Core Microsoft Apps with MAM

Microsoft MAM supports core Microsoft apps, including Microsoft 365 apps like Outlook, Word, Excel, and PowerPoint. Applying MAM policies to these apps ensures corporate data security on personal devices.

  • Microsoft Edge Integration: Seamless integration with Microsoft Edge allows IT admins to control web content access and sharing, enhancing data protection.
  • Intune App Protection Policies: Allows creation of specific app protection policies for Microsoft 365 apps, enforcing encryption, preventing data leakage, and ensuring compliance.

The Takeaway

Microsoft Mobile Application Management (MAM) offers a robust solution for securing corporate data on BYOD devices. By focusing on app-level protection and management, MAM provides enhanced data security, flexible access controls, and comprehensive app management. As organisations continue to embrace remote and hybrid work models, Microsoft MAM stands out as a critical tool for ensuring corporate data security while empowering employees to use personal devices.

Novata Solutions can assist with establishing an MAM strategy, implementing it, and providing ongoing monitoring to ensure your BYOD environment remains secure and efficient. Contact us for any MAM or MDM deployments or assessments to learn more about how we can help secure your mobile workforce.
