How to enforce a particular Application Protection (MAM) policy: Managed vs. Unmanaged Devices

--

Here is our scenario. On one hand, BYOD personal devices are being used to access corporate data. Separately, corporate MDM-enrolled devices are accessing corporate data. How do we enforce a particular MAM policy for a user when multiple policies are assigned to that account? How can we enforce a managed policy on managed devices?

We will use an Application Configuration Policy to achieve the desired end result. By setting the IntuneMAMUPN setting, we can enforce the managed policy on managed devices. Otherwise, the device will get the unmanaged policy.

Our MAM Policies:

App Configuration Policy Below

UPN String Setting Below:

And Done. Now when you enroll a device with multiple MAM policies targeted to the user, the proper MAM policy will be processed by the device.

--


Consultant working mainly on System Center, Azure/EMS, Systems Management and Windows Deployment.