What is Microsoft Intune app management?
|Applies to: Intune in the Azure portal|
|Looking for documentation about Intune in the classic portal? Go here.|
Microsoft Intune allows you, as the IT admin, to mange the mobile apps that your company's workforce uses. This functionality is in addition to managing devices and protecting data. As part of this functionality, one of your priorities is to make sure that your end users have access to the apps they need to do their work. This can be a challenge because:
- There are a wide range of device platforms and app types.
- You might need to manage apps on both company devices and user's own devices.
- You must ensure your network and your data remain secure.
Additionally, you might want to assign and manage apps on devices that are not enrolled with Intune.
Intune offers a range of capabilities to help you get the apps you need on the devices you want. The following table provides a summary of app management capabilities. Below the table is a starting point to understand Microsoft Intune in the Azure portal.
App management capabilities by platform
|Android||iOS||Windows Phone 8.1||Windows 10|
|Add and assign apps to devices and users||Yes||Yes||Yes||Yes|
|Assign apps to devices not enrolled with Intune||Yes||Yes||No||No|
|Use app configuration policies to control the startup behavior of apps||No||Yes||No||No|
|Use mobile app provisioning policies to renew expired apps||No||Yes||No||No|
|Protect company data in apps with app protection policies||Yes||Yes||No||No1|
|Remove only corporate data from an installed app (App selective wipe)||Yes||Yes||Yes||Yes|
|Monitor app assignments||Yes||Yes||Yes||Yes|
|Assign and track volume-purchased apps from an app store||No||No||No||Yes|
|Mandatory install of apps on devices (Required)2||Yes||Yes||Yes||Yes|
|Optional installation on devices from the Company Portal (Available install)||Yes||Yes||Yes||Yes|
|Install shortcut to an app on the web (web link)||Yes||Yes||Yes||Yes|
|In-house (line-of-business) apps||Yes||Yes||No||Yes|
|Apps from a store||Yes||Yes||Yes||Yes|
1 Consider using Windows Information Protection to protect apps on devices that run Windows 10.
2Applies to devices managed by Intune only.
How to get started
You can find most things app-related in the Mobile Apps workload that you can access as follows:
- Sign into the Azure portal.
- Choose All services > Intune. Intune is located in the Monitoring + Management section.
On the Intune blade, choose Mobile apps.
The information below corresponds with the options available in the Mobile apps blade.
- Apps - Select this option to add, view, assign, and monitor the apps your workforce uses. For more information, see the following articles:
- App configuration policies - App configuration policies allow you to supply settings that might be required when a user runs an app. For more information, see the following articles:
- App protection policies - App protection policies allow you to associate settings with an app to help protect the company data it uses. For example, you might restrict the capabilities of an app to communicate with other apps, or require the user to enter a PIN to access a company app. For more information, see the following article:
- App selective wipe - Remove only corporate data from a users device that you select. For more information, see the following article:
- iOS app provisioning profiles - iOS apps include a provisioning profile and code that is signed by a certificate. When the certificate expires, the app can no longer be run. Intune gives you the tools to proactively assign a new provisioning profile policy to devices that have apps that are nearing expiry. For more information, see the following article:
For more details, see Manage apps.
- App licenses - View, assign, and monitor volume-purchased apps from the app stores. For more information, see the following articles:
- Discovered Apps - Shows all apps that were assigned by Intune and installed on a device.
- App Install Status - Shows the status of an app assignment you created.
- App protection status - Shows the status of an app protection policy for a user you select.
- Audit logs - Shows the Intune app related activity made by all IT admins.
For more details, see Monitor apps.
- iOS VPP tokens - Apply and view your iOS Volume Purchase Program (VPP) licenses.
- Windows enterprise certificate - Apply or view the status of a code-signing certificate used to distribute line-of-business apps to your managed Windows devices.
- Windows Symantec certificate - Apply or view the status of a Symantec code-signing certificate which is needed to distribute XAP and WP8.x appx files to Windows 10 Mobile devices.
- Microsoft Store for Business - Set up integration to the Microsoft Store for Business. Afterwards, you can synchronize purchased applications to Intune, assign them, and track your license usage. For more information, see the following article:
- Windows side loading keys - You can add a Windows side loading key that can be used to install an app directly to devices rather than publishing and downloading the app from the Windows store. For more information, see the following article:
- Company Portal branding - Customize the Company Portal to give it your company branding. For more information, see the following article:
- App categories - Add, pin, and delete app category names.
- Android for Work - Approve and sync the apps you have approved for your enterprise. For more information, see the following article:
Help and Support
- Help and support - Troubleshoot, request support, or view Intune status. For more information, see the following article: