Microsoft Intune App Protection for Windows (MAM for Windows)

Science and technology

In this brief tutorial, I'll be keeping it light and breezy, discussing:
The What: MAM for Windows in plain English.
The Wow: Its slick features and how they’re a game-changer.
The How: Quick guide to set it up without breaking a sweat.
It's Windows security and data protection done right!
0:00 What's the problem?
1:24 What's the solution?
2:15 Create a policy for Windows
4:00 Create a CA policy to enforce MAM for Windows
6:00 Test it out
8:11 Conclusion?

Comments: 28

  • @patrick__007
    1 year ago

    Great feature. Thanks Dean!

  • @DeanEllerbyMVP
    1 year ago

    Thanks!

  • @sXRaider91
    3 months ago

    Hi Dean, very nice tutorial! Just a question: what are the dynamic rules for the 'Personal Device Users' EntraID Group?

  • @samv5876
    8 months ago

    Nice one, what is the roadmap for this? Will this only support the browser-based scenario or will it extend to the fat apps?

  • @joblearn1014
    10 months ago

    What licenses do I need to enable to be able to use MAM?

  • @i_m_veer_singh
    11 months ago

    Hi Dean, I have more than 50 corporate iPads which are not under any vendor ABM or MDM, and they all need to be enrolled under our ABM. Is there any way to bulk enrol the devices under the ABM instead of manually doing it one by one using the Apple Configurator? I am using Intune as an MDM solution. Please suggest. Thanks

  • @DrKratzig
    9 months ago

    Hey, this could be done via your partner where you bought the devices. But your partner/vendor must be able to do so / allowed to do this. In Germany there are only a few official partners who can add devices to ABM.

  • @skoul27
    11 months ago

    I'm trying to add the Edge app for Windows MAM but it says "Can't find any apps". Do you know anything about it?

  • @leklektv6154
    11 months ago

    Can we enforce a policy wherein end users cannot install any software and are prompted for admin rights to install, or are blocked when they try to install non-compliant software? Thank you!

  • @lasolution365
    4 months ago

    Do you need to enable WIP in Automatic Enrollment?

  • @QuintenMarais
    3 months ago

    Hi Dean, a unique requirement I am facing: we have a CA policy applied to Windows devices; when accessing the Outlook app it will require BYOD devices to be enrolled and compliant with a compliance policy. But when the same user accesses OWA on an internet cafe machine, only an App protection policy needs to apply to that session. The issue I am facing is that both the App and OWA report as a "Browser" to the CA policy.

  • @lasolution365
    1 year ago

    Thank you, very interesting! Now, I am not sure why I would still use "App Enforced Restriction"...

  • @DeanEllerbyMVP
    1 year ago

    That's a good point! Perhaps this is the evolution of that?

  • @AutoNagri
    4 months ago

    Hi. After trying all the steps, I am getting an error code of 53003. The test ID is not able to log in to the Chrome browser, as per the APP policy, but I am getting an error in the Edge browser.

  • @cyphernz
    1 year ago

    What about preventing a user from using the Outlook App on a personal device?

  • @DeanEllerbyMVP
    1 year ago

    You can achieve that with Conditional Access on its own, but it's limited to allow or block (or require MFA, I guess).

  • @asdf87161
    4 months ago

    The issue I am facing is that the work account gets registered under the local laptop work or school account after the MAM app protection policy for MS Edge is applied locally on the personal Windows laptop. Because of this, the user is able to log in to local Teams, OneNote, OneDrive apps under the work account, but these applications cannot prevent copy and paste of information including files to other external applications. The app protection policy does work for the Office products within the Edge browser. How can I prevent the user from logging in to the company O365 environment from the locally installed Teams, OneNote, OneDrive applications on the personal Windows laptop but allow all company O365 apps/data from MS Edge where the app protection policy works?

  • @agbnmr
    4 months ago

    Conditional access - block the use of desktop apps

  • @TheMowgus
    5 days ago

    It would be nice if they had app protection policies for installed Office apps (just like they do on iOS and Android) but they don't. Seems like they want to push everyone to web based; even the new Outlook is just a web based app. They seem to forget that not everyone has constant or fast Internet access.

  • @danzirulez
    1 year ago

    tried screenshotting? wonder if that works

  • @patrick__007
    1 year ago

    Guess that it will work. I believe this will also work on a protection policy in Android/iOS.

  • @DeanEllerbyMVP
    1 year ago

    Not tried! Let me give it a go on a physical device, as I assume it will work fine on a virtual.

  • @danzirulez
    1 year ago

    @patrick__007 it does on iOS

  • @Mkt6040
    9 months ago

    For the policy to take effect, does this require that the user be signed into the Edge browser with work profile/creds?

  • @DeanEllerbyMVP
    9 months ago

    Yes, it does.

  • @nurbalqis9248
    9 months ago

    Hi Dean, may I know if this feature only works on Windows 11? Because I can't log in even though I'm using a work account in the Edge browser. @DeanEllerbyMVP

  • @TheMowgus
    5 days ago

    In testing I noticed that you have to be logged into Edge for this to work. That negates the point of this protection policy IMO. Staff have their corporate laptops but if they need to access their email from a friend's computer they will end up signing into Edge and the device gets registered in Entra. Might as well just block devices not joined in Entra rather than having staff signing into Edge with their tenant ID on non-corporate devices (which they won't sign out of or have the knowledge to delete their profile).

  • @venezuelan15
    9 months ago

    screen shots?
