Microsoft Expands Intune MAM Capabilities with Enhanced BYOD Support for Windows App and Remote Desktop

Microsoft has enhanced Intune MAM to support customized security and redirection settings for Windows app and Remote Desktop on personal devices.

Published: Nov 11, 2024

Cloud Computing

SHARE ARTICLE

Key Takeaways:

  • Microsoft Intune now supports Windows app on iOS/iPadOS and has introduced a preview of Remote Desktop support for Android.
  • IT admins can now configure app protection policies that manage data access and security on personal devices.
  • This feature enables customized redirection settings and enhances security with measures like requiring PIN access and blocking rooted devices.

Microsoft has announced the general availability of Windows app support for Microsoft Intune Mobile Application Management (MAM) on iOS/iPadOS. The company has also released a preview of Remote Desktop support for MAM on Android devices.

Microsoft Intune Mobile Application Management (MAM) enables organizations to manage and secure their data within mobile apps. This feature is especially valuable in bring-your-own-device (BYOD) environments, where employees use personal devices for work. With MAM, IT admins can set app protection policies to keep company data safe within managed applications.

Previously, it was challenging to support Bring Your Own Device (BYOD) with Azure Virtual Desktop (AVD) and Windows 365, as the system applied identical redirection settings to both corporate and personal devices. This meant features like drive and clipboard redirection were either universally enabled or disabled, without regard for device type.

Enhanced redirection and security controls with Intune MAM integration

With Intune MAM integration, users can now set different redirection options when connecting to Azure Virtual Desktop, the Windows App client, and the Remote Desktop client. These settings can be customized based on factors like user security groups, operating systems, or whether the device is managed through Microsoft Intune.

Microsoft Intune MAM allows organizations to disable specific redirections on personal devices and require PIN access to apps before connection. It also provides options to block third-party keyboards, prevent jailbroken or rooted devices from connecting, and enforce mobile threat defense solutions on devices.

Microsoft Expands Intune MAM Capabilities with Enhanced BYOD Support for Windows App and Remote Desktop
On a managed iPad, drive redirection is allowed – as shown in the left image (Image Credit: Microsoft)

It’s important to note that using Microsoft Intune to configure the Windows App and Remote Desktop app may not be suitable for workloads requiring higher security. For these sensitive tasks, enterprise admins should continue to set redirection settings at the host pool or session host level.

Currently, organizations can use Intune app protection policies to block access based on OS or app version and only allow approved clients on personal devices. Going forward, Microsoft plans to expand these redirection and device posture-checking capabilities to include Windows PCs.

SHARE ARTICLE