Microsoft Intune Gets Enhanced Application Protection Policies

New Microsoft Intune updates boost mobile app security, simplify Samsung device management, and streamline Windows setup.

Key Takeaways:

  • Microsoft expands Intune’s app protection capabilities for better BYOD security.
  • MAM SDK now supports 126 apps, with new additions across iOS and Android.
  • Samsung Knox attestation and Windows Autopilot setup receive key automation updates.

Microsoft has rolled out enhanced application protection policies in Microsoft Intune. Application protection policies (APP) are designed to help protect corporate data within mobile apps, especially in Bring Your Own Device (BYOD) scenarios.

MAM SDK adoption grows with 126 supported apps

Microsoft has released the Mobile Application Management Software Development Kit (MAM SDK). This release lets independent software vendors (ISVs) configure their apps to take advantage of the MAM SDK capabilities. The number of supported apps using the MAM SDK has grown to 126, with new additions across iOS and Android. The list includes 4CEE Connect, Applications Manager – Intune, Datasite for Intune, DealCloud, FacilyLife, and more.

Automatic Samsung Knox Attestation simplifies device compliance

Additionally, Microsoft Intune now simplifies Samsung Knox attestation by enabling it automatically in application protection policies for supported Samsung devices. Samsung Knox Attestation is a security feature that verifies the integrity of a Samsung device using hardware-based checks.

“When creating an application protection policy, Samsung Knox attestation will be enabled by default on supported devices, provided the device has been updated to the latest operating system. IT pros will no longer need to create a policy specifically targeting Samsung devices with an assignment filter, nor will they need to create or maintain a separate policy for non-Samsung Android devices. Existing policies can be edited to enable this attestation,” Microsoft explained.

Require Intune Enterprise Application Management apps during device enrollment

Last but not least, Microsoft says that IT admins using Intune Enterprise Application Management can now block user access to the desktop during Windows Autopilot setup until selected apps are installed. This capability helps ensure that critical apps are in place before the device is used, which enhances security and streamlines configuration. Administrators can configure this setting in Windows Autopilot device preparation policies and in the standard Windows Autopilot enrollment status page configuration.