Get ready to configure app protection policies for Windows 10
Enable mobile application management (MAM) for Windows 10 by setting the MAM provider in Azure AD. Setting a MAM provider in Azure AD allows you to define the enrollment state when creating a new Windows Information Protection (WIP) policy with Intune. The enrollment state can be either MAM or mobile device management (MDM).
Devices with a MAM enrollment state are required to be Azure AD joined.
To configure the MAM provider
Sign in to the Azure portal, and choose Azure Active Directory.
Choose Mobility (MDM and MAM) in the Manage group.
Click Microsoft Intune.
Configure the settings in the Restore default MAM URLs group on the Configure blade.
MAM user scope
Use MAM auto-enrollment to manage enterprise data on your employees' Windows devices. MAM auto-enrollment will be configured for bring your own device scenarios.
Select if no users can be enrolled in MAM.
Select Azure AD groups that contain users who will be enrolled in MAM.
Select if all users can be enrolled in MAM.
MAM discovery URL
The URL of the enrollment endpoint of the MAM service. The enrollment endpoint is used to enroll devices for management with the MAM service.
MAM compliance URL
The MAM compliance URL is not supported for Microsoft Intune. This input box must be left blank for protection policies to apply.