Microsoft has enhanced Intune MAM to support customized security and redirection settings for Windows app and Remote Desktop on personal devices.
Published: Nov 11, 2024
Key Takeaways:
Microsoft has announced the general availability of Windows app support for Microsoft Intune Mobile Application Management (MAM) on iOS/iPadOS. The company has also released a preview of Remote Desktop support for MAM on Android devices.
Microsoft Intune Mobile Application Management (MAM) enables organizations to manage and secure their data within mobile apps. This feature is especially valuable in bring-your-own-device (BYOD) environments, where employees use personal devices for work. With MAM, IT admins can set app protection policies to keep company data safe within managed applications.
Previously, it was challenging to support Bring Your Own Device (BYOD) with Azure Virtual Desktop (AVD) and Windows 365, as the system applied identical redirection settings to both corporate and personal devices. This meant features like drive and clipboard redirection were either universally enabled or disabled, without regard for device type.
With Intune MAM integration, users can now set different redirection options when connecting to Azure Virtual Desktop, the Windows App client, and the Remote Desktop client. These settings can be customized based on factors like user security groups, operating systems, or whether the device is managed through Microsoft Intune.
Microsoft Intune MAM allows organizations to disable specific redirections on personal devices and require PIN access to apps before connection. It also provides options to block third-party keyboards, prevent jailbroken or rooted devices from connecting, and enforce mobile threat defense solutions on devices.
It’s important to note that using Microsoft Intune to configure the Windows App and Remote Desktop app may not be suitable for workloads requiring higher security. For these sensitive tasks, enterprise admins should continue to set redirection settings at the host pool or session host level.
Currently, organizations can use Intune app protection policies to block access based on OS or app version and only allow approved clients on personal devices. Going forward, Microsoft plans to expand these redirection and device posture-checking capabilities to include Windows PCs.