While SCCM has been my subject for the past ten years, all of us traditional ConfigMgr guys and girls will eventually need to prepare for Intune to take over. I’ve consulted with several companies and ran into instances where the end-game is to fully manage everything in the cloud, nothing on-prem. Inevitably there is always that one person in every that says, “I don’t want the company having access to my personal device!!!!” As a consultant this response is passed to me and I always pitch Intune App Protection or Mobile Application Management without Enrollment. This solution is perfect for companies that want to protect company data without requiring a user to enroll their devices. With Intune app protection, you can implement the following policies for line-of-business application –
• Prevent Android or iCloud backups
• Allow app to transfer data to other apps
• Allow app to receive data from other apps
• Prevent “Save As”
• Restrict cut, copy and paste with other apps
• Restrict web content to display in the Managed Browser
• Encrypt app data
• Disable app encryption when device encryption is enabled
• Disable contact sync
1 . In the search bar type in – “Intune App Protection”


3. Select the app(s)
4. Select the polices and select “Create”
5. Once the policy is created, select the policy and click “Assignment”. Select the group to assign the policy.
