Introduction
Microsoft Intune is a service used to provide MAM (mobile application management) to manage apps and content on Apple iOS devices. With Intune, your users can access their apps and data on the device of their choice while you manage and secure the devices, apps, and content on your network. For example, you can deploy corporate apps as managed apps and prevent users from sharing their data with unmanaged/personal apps, such as Dropbox.
iManage Work Mobility for Intune enables end users to view, download, and edit iManage Work files, and to upload the edited copies or new versions to iManage Work. Users can also preview, reply to, reply all to, and forward iManage Work emails, and download email attachments.
Intune offers an additional layer of mobile corporate security on top of the inherent security capabilities of iOS. As an administrator, you don't need to wrap the iManage Work Mobility app to take advantage of Intune's extra security features.
By deploying iManage Work Mobility for Intune, you can leverage Intune's key advantages:
- Prevent editing iManage files when a user is logged in to Office apps with a personal O365 account: Office 365 applications require users to sign in with an O365 account. This can be a personal or business account. Enterprises typically want to prevent personal accounts from accessing corporate data; however, there's no existing way in iOS to control personal accounts. Intune provides the ability to control this type of access.
  Microsoft Office applications present a unique security case that can't be solved with conventional MDM (mobile device management) or MAM solutions. Users can sign in to the Office applications using both personal and corporate logins. Traditional MDMs such as BlackBerry and Ivanti (formerly MobileIron) don't have the capability to oversee what happens inside of an application. This is where Microsoft Intune provides value. Intune allows an administrator to configure copy/paste DLP (Data Loss Prevention) policies to control what happens inside of the Office applications and ensure that corporate data remains within corporate boundaries.
- Prevent iManage files from being attached to emails sent from personal accounts configured in Outlook: When logged in to Office applications using their corporate account, users can access and save content to iManage Work, but are blocked from saving content to other third-party vendors.
- Allow unmanaged/personal apps to share their data with the iManage Work Mobility for Intune app: Control which apps, such as a note-taking app that the user downloaded, can share data with iManage Work Mobility for Intune.
- Prevent sharing of data to unsanctioned cloud storage services: Inside Microsoft Office applications, users can configure Dropbox, Box, or other storage providers with a personal account to store content. Typically, these sites are banned because enterprises cannot enforce proper security controls in these environments. While users may want to use Dropbox or Box for their personal storage, you can use Intune to block your users from saving content to these sites when they are logged in to an Office application using their corporate account.
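The outbound restrictions in the list above map to settings in an Intune iOS app protection policy. The following added example (not part of the iManage or Microsoft documentation) audits an exported policy for them; it assumes the policy is JSON using the Microsoft Graph `iosManagedAppProtection` property names, and the approved storage set and sample policies are constructed for illustration.

```python
# Added example: audit an exported iOS app protection policy for the outbound
# data-transfer restrictions described above. Property names follow the
# Microsoft Graph iosManagedAppProtection resource; samples are constructed.

# Assumption: the only storage locations this organisation sanctions.
APPROVED_STORAGE = {"oneDriveForBusiness", "sharePoint"}

def audit_policy(policy):
    """Return a list of findings; an empty list means no gaps were found.

    A missing setting is treated as a finding (fail closed)."""
    findings = []
    # Corporate data may only leave a managed app for another managed app.
    if policy.get("allowedOutboundDataTransferDestinations") not in ("managedApps", "none"):
        findings.append("outbound transfer is not limited to managed apps")
    # Copy/paste DLP: clipboard content must not reach unmanaged apps.
    if policy.get("allowedOutboundClipboardSharingLevel") not in (
            "managedApps", "managedAppsWithPasteIn", "blocked"):
        findings.append("clipboard can be pasted into unmanaged apps")
    # "Save As" must be blocked, with exceptions only for approved storage.
    if not policy.get("saveAsBlocked", False):
        findings.append("Save As to arbitrary storage is allowed")
    else:
        extra = set(policy.get("allowedDataStorageLocations", [])) - APPROVED_STORAGE
        if extra:
            findings.append("unapproved storage allowed: " + ", ".join(sorted(extra)))
    return findings

# Constructed sample: restrictive policy.
STRICT = {
    "allowedOutboundDataTransferDestinations": "managedApps",
    "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
    "saveAsBlocked": True,
    "allowedDataStorageLocations": ["oneDriveForBusiness", "sharePoint"],
}
# Constructed sample: permissive policy that lets corporate data leave.
WEAK = {
    "allowedOutboundDataTransferDestinations": "allApps",
    "allowedOutboundClipboardSharingLevel": "allApps",
    "saveAsBlocked": False,
}

if __name__ == "__main__":
    for name, pol in (("STRICT", STRICT), ("WEAK", WEAK)):
        print(name, audit_policy(pol) or "no findings")
```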
The following deployment options are supported. See the following Microsoft topics for more information about the differences between deploying MAM and MDM:
- https://docs.microsoft.com/en-us/intune/fundamentals/byod-technology-decisions
- https://docs.microsoft.com/en-us/intune/end-user-mam-apps-ios
Deployment Option | Result | Benefit |
---|---|---|
Intune + device enrollment | Intune manages policies; Intune MDM | Recommended - Provides security and control over user devices. The steps in this guide describe how to configure this deployment option. |
Intune + third-party device enrollment | Intune manages policies; other third-party MDM: AirWatch, BlackBerry UEM, Ivanti, and so on. | Provides security and control over user devices, but with additional cost for two MDMs. This is beneficial if you already have another MDM solution deployed. Note: When using a third-party MDM (for example, AirWatch or MobileIron), do not set Managed App Configuration using the third-party MDM. Instead, the Managed App Configuration must be set in the Intune Portal as described in Configure iManage Work Mobility for Intune as a Managed App. |
Intune manages app policies only | Intune manages only SDK versions of all corp apps, no MDM. User controls their own PIN, TouchID, and so on. | Simplified configuration; however, it's the least secure option. For example, there's no way to wipe a device. |
To learn more about Intune's capabilities, see these Microsoft Intune documentation pages:
- https://docs.microsoft.com/en-us/intune/apps/mam-faq
- https://docs.microsoft.com/en-us/intune/apps-supported-intune-apps
- https://docs.microsoft.com/en-us/intune/app-protection-policy-settings-ios
- https://docs.microsoft.com/en-us/intune/data-transfer-between-apps-manage-ios
Intune SDK Version
This version of iManage Work Mobility for Intune uses Intune SDK 19.4.0 and MSAL 1.1.22.