The Microsoft Vision Help organizations enable their users

The Microsoft Vision Help organizations enable their users to be productive on the devices they love while helping ensure corporate assets are secure. Users Apps Data Devices Secure and protect against new threats Maximum productivity experience Comprehensive and integrated Employees Business partners Customers

Intune Android overview Android for Work MAM without enrollment Enabling apps for MAM

Intune Android overview Android for Work MAM without enrollment Enabling apps for MAM

Identity Protect your identity and authentications • MFA • Azure sign-in protections • Conditional Access • Right app, right identity, right risk profile Application Control how data is used and shared inside your apps • Multi-identity controls • Cloud storage controls • Data transfer protection • Enforceable without device enrollment Device Multiple choices for device management • Android for Work • Samsung KNOX Standard • Core Android 4. X

• Enrolling corporate devices for management • Enrolling personal devices for management • Provisioning settings, certs, profiles • Reporting device inventory • Measuring device compliance • Removing corporate data from devices • All of the above using OS standards • • Mobile Device Management Mobile App Management Publishing mobile apps to users Configuring mobile apps Securing corporate data in mobile apps Removing corporate data from mobile apps • Updating mobile apps • Reporting app inventory and usage • All of the above with or without MDM

Source: http: //opensignal. com/reports/2015/08/android-fragmentation/

Intune Android overview Android for Work MAM without enrollment Enabling apps for MAM

Android is missing some key features, like per-app VPN, silent app installs, and a configurable email client. Android security is fundamentally lacking. I don’t want to allow installations from unknown sources. Android OEM fragmentation affects manageability and user experience. Too many prompts!

https: //www. google. com/work/android/

https: //blogs. technet. microsoft. com/enterprisemobility/2016/09/12/microsoft-intunesupport-for-android-for-work/

BYOD • Employees can use their personal AFW-capable devices for work while allowing IT to manage only work apps and data through a separate, native profile. Corp owned, personally enabled • Corp-owned devices provisioned by IT and provided to IWs to use. IT manages the entire device. Requires IT provisioning step. Kiosk (COSU) • Single-use, kiosk-style devices

Free public store Private LOB • Any free app available in the public Play Store today • IT pro approves apps and accepts permissions on behalf of org • IT pro publishes LOB APK to private Play for Work domain • Requires Android developer account Paid public store • License management and tracking for purchased apps Self-hosted LOB • APK content is hosted on separate content server • For APKs that have security-sensitive content

Intune Android overview Android for Work MAM without enrollment Enabling apps for MAM

MAM policies Corporate apps Azure Rights Management File policies Personal apps MDM – optional (Intune or 3 rd-party) MDM policies

Intune mobile app management for BYOD Personal M AM po lic ies Corporate Personal Data Corporate Data

Intune mobile app management for MDM coexistence MDM vendor MDM polic ies Personal Corporate MAM polic ie Personal Data s Corporate Data

Enforce corporate data access requirements § Require a PIN for launching the app § Require authentication using corporate credentials before launching the app § Verify device health before launching the app Prevent data leakage on the device § Allow/block copy/paste § Allow/block screen capture § Prevent file saving to unauthorized locations § Restrict sharing of data between applications Enforce encryption of app data at rest App-level selective wipe

https: //www. microsoft. com/en-us/server-cloud/products/microsoft-intune/partners. aspx

Available now i. OS Android Coming soon Coming later

Intune Android overview Android for Work MAM without enrollment Enabling apps for MAM

Paths to MAM policies Microsoft Applications • Microsoft Office and Productivity Apps • Natively manageable with Intune MAM • Same App Store Apps for Personal and Corporate Intune Companion Apps • Support protected web browsing and content viewing App Wrapping Tool • Enables protection for LOB apps • No code changes required, targeted for IT Pros • Supported on i. OS and now Android App SDK • Enables full DLP for any app, including Store Apps you publish • Requires app participation, targeted for Developers • Xamarin and Cordova Support

@msintuneappsdk -android https: //docs. microsoft. com/en-us/intune/develop/intune-app-sdk

www. microsoft. com/itprocareercenter www. microsoft. com/itprocloudessentials www. microsoft. com/mechanics https: //techcommunity. microsoft. com

http: //myignite. microsoft. com https: //aka. ms/ignite. mobileapp