What is Microsoft Intune app management?

Applies to: Intune in the Azure portal
Looking for documentation about Intune in the classic portal? Go here.

As an IT admin, you are responsible for making sure that your end users have access to the apps they need to do their work. This can be a challenge because:

  • There are a wide range of device platforms and app types.
  • You might need to manage apps on company devices and users own devices.
  • You must ensure your network, and your data remain secure.

Additionally, you might want to assign, and manage apps on devices that are not enrolled with Intune.

Intune offers a range of capabilities to help you get the apps you need, on the devices you want.

App management capabilities by platform

  Android iOS Windows Phone 8.1 Windows 10
Add and assign apps to devices and users Yes Yes Yes Yes
Assign apps to devices not enrolled with Intune Yes Yes No No
Use app configuration policies to control the startup behavior of apps No Yes No No
Use mobile app provisioning policies to renew expired apps No Yes No No
Protect company data in apps with app protection policies Yes Yes No No1
Remove only corporate data from an installed app (App selective wipe) Yes Yes Yes Yes
Monitor app assignments Yes Yes Yes Yes
Assign and track volume-purchased apps from an app store No No No Yes
Mandatory install of apps on devices (Required)2 Yes Yes Yes Yes
Optional installation on devices from the Company Portal (Available install) Yes Yes Yes Yes
Install shortcut to an app on the web (web clip) Yes Yes Yes Yes
In-house (line-of-business) apps Yes Yes No No
Apps from a store Yes Yes Yes Yes
Update apps Yes Yes Yes Yes

1 Consider using Windows Information Protection to protect apps on devices that run Windows 10.

2Applies to devices managed by Intune only.

How to get started

You can find most things app-related in the Mobile Apps workload that you can access as follows:

  1. Sign into the Azure portal.
  2. Choose More Services > Monitoring + Management > Intune.
  3. On the Intune blade, choose Mobile apps.

    The Mobile Apps workload


  • Apps - This node is where you add, assign, and monitor most of your apps.
  • App configuration policies - App configuration policies let you supply settings that might be required when a user runs an app.
  • App protection policies - Lets you associate settings with an app to help protect the company data it uses. For example, you might restrict the capabilities of an app to communicate with other apps, or require the user to enter a PIN to access a company app.
  • App selective wipe - Remove only corporate data from a users device you select.
  • iOS provisioning profiles - iOS apps include a provisioning profile and code that is signed by a certificate. When the certificate expires, the app can no longer be run. Intune gives you the tools to proactively assign a new provisioning profile policy to devices that have apps that are nearing expiry.


  • Licensed Apps - View, assign, and monitor volume-purchased apps from the app stores.
  • Discovered Apps - Shows all apps that were assigned by Intune, and installed on a device.
  • App Install Status - Shows the status of an app assignment you created.
  • App protection status - Shows the status of an app protection policy for a user you select.

For details, see Monitor apps