Get ready to configure app protection policies for Windows 10

Enable mobile application management (MAM) for Windows 10 by setting the MAM provider in Azure AD. Setting a MAM provider in Azure AD allows you to define the enrollment state when creating a new Windows Information Protection (WIP) policy with Intune. The enrollment state can be either MAM or mobile device management (MDM).

Note

Devices with a MAM enrollment state are required to be Azure AD joined.

To configure the MAM provider

  1. Sign in to the Azure portal, and choose Azure Active Directory.

  2. Choose Mobility (MDM and MAM) in the Manage group.

  3. Click Microsoft Intune.

  4. Configure the settings in the Restore default MAM URLs group on the Configure blade.

    MAM user scope
    Use MAM auto-enrollment to manage enterprise data on your employees' Windows devices. MAM auto-enrollment will be configured for bring your own device scenarios.

    • None
      Select if no users can be enrolled in MAM.
    • Some
      Select Azure AD groups that contain users who will be enrolled in MAM.
    • All
      Select if all users can be enrolled in MAM.

    MAM terms of use URL
    The MAM terms of use URL is not supported for Microsoft Intune. This input box must be left blank for protection policies to apply.

    MAM discovery URL
    The URL of the enrollment endpoint of the MAM service. The enrollment endpoint is used to enroll devices for management with the MAM service.

    MAM compliance URL
    The MAM compliance URL is not supported for Microsoft Intune. This input box must be left blank for protection policies to apply.

  5. Click Save.

Next steps

Create a WIP app protection policy