Wednesday, December 27, 2017

Securing mobile apps end to end with Microsoft Intune MAM

IT administrators can deploy MAM policies that protect data and help safeguard secure access. The Intune App SDK typically handles the implementation of these policies, creating a consistent experience for administrators across apps and letting developers quickly turn on MAM.

The Intune App SDK (MAM) supports Xamarin apps, Cordova apps, and also single-platform language/SDK apps like Objective-C apps for iOS and Java/Android-SDK apps for Android.

After an app is set up for MAM, an IT administrator can do the following:

Control users’ ability to move corporate documents. Administrators can deploy a policy that turns off file backup apps to prevent backing up corporate data to the cloud.

Configure clipboard restrictions. Administrators can deploy a policy so that users are unable to use the clipboard to cut or copy from an Intune-managed app and paste into a nonmanaged app.

Enforce corporate access requirements. Administrators can require an access challenge to the user, such as full authentication or app PIN, to launch the app. Authentication relies on the users’ Active Directory identity and therefore can benefit from all Active Directory identity features. The Intune App SDK uses Azure AD to provide an SSO experience in which the credentials, after they are entered, are reused for subsequent sign-ins. Authentication of identity management solutions federated with Azure AD is also supported.

Enforce encryption on saved data. Administrators can enforce a policy that ensures that all data stored on the device by the app is encrypted.

Remotely wipe corporate data. Corporate data can be remotely wiped from an Intune-managed app when the device is unenrolled from Microsoft Intune. This feature is identity-based and deletes only the files that relate to the corporate identity of the end user.

Enforce the use of a managed browser. Using the Intune-managed browser helps to ensure that links that appear in emails (in an Intune-managed mail client) are kept within the domain of Intune-managed apps.

Check device health and compliance. Administrators can check the health of the device and its compliance with corporate policies before users access Intune-managed apps. On the iOS platform, this policy checks whether the device has been jailbroken. On the Android platform, this policy checks whether the device has been rooted.

Source Of Information : Microsoft Platform and Tools for Mobile App Development
