With home working more important than ever, many organisations are accellerating their adoption of “Cloud”, and embracing new concepts. Secure Remote Work is just such a concept.

Sometimes, it’s simply not possible (or affordable) to provide every employee or authorised user with a fully managed device. Where appropriate, we can allow users to access their email and apps on their personal device, without forcing enrollment. This is typically achieved through Mobile Application Management (Without Enrollment), known in the early days as MAM-WE. These days it’s stuck under than banner of “App Protect”, and we can apply these protections to Managed and Unmanaged devices alike.

So, we know how to secure data within applications through App Protect Policies, but how do employees know which apps we want them to use in the first place? Sure they could figure it out through trial and error, but that’s… not ideal.

Within MEM (Intune), we’re able to deploy apps to Personal (non-enrolled) devices. This isn’t to be confused with deploying apps to Personal, Enrolled devices, which is also possible.

Example usage

In our example marketing organisation we require Exchange Online to be accessed via the Outlook app for iOS and Android, and our preferred meetings tool is Zoom. We recommend all staff have these apps on their personal phones when getting started with the company. Installation isn’t mandatory, but it’s a good idea.

Staff are told about these apps during their induction, but they’re quickly forgotten. We want a way to ensure staff can quickly be reminded which apps are recommended and protected.

MEM Admin Center

From the MEM Admin center, simply choose the application you’d like to make available to unenrolled devices (eg Zoom) and deploy with the option “Available with or without enrollment”. Be sure to only deploy to Users or User Groups in this way, as Devices are not supported.

End user experience

In order to see their Available apps, users need to visit the Company Portal website at https://portal.manage.microsoft.com/

Once they’re logged in, they get a list of all Available apps that they can choose to install.

Main company portal homepage

Published app page

Leave a Reply