Microsoft hopes to end the tug of war between administrators and mobile users.
On one end are users who don't want to relinquish complete control of their own smartphones and tablets to their employers. On the other end are administrators who want to lock down those devices by imposing security-enhancing restrictions with mobile device management (MDM) platforms.
With the new mobile application management capabilities in Intune, Microsoft's own cloud-based enterprise mobility management offering, the company believes it can placate both sides. Intune now offers mobile application management without enrollment, revealed Dilip Radhakrishnan, principal program manager for Enterprise Cloud Mobility at Microsoft.
The feature "gives IT the ability to secure the applications and the data on the devices without enrolling and managing the entire device itself," explained Radhakrishnan in a video published by Microsoft to announce the new functionality.
The Intune mobile application management portal has been added directly to the main Azure portal, which administrators use to manage their virtual machines, SQL databases, cloud subscriptions and the like. Now IT personnel can use the same Azure log-in to access Intune's controls. For now, mobile application management is available under this new setup, but Radhakrishnan said that more of Intune's MDM features will start filtering into the Azure portal.
Using Intune's policy settings, administrators can impose several restrictions on specific apps, including prohibiting backup to personal cloud storage accounts such as iCloud and shutting off the "save as" feature in some apps that can lead to data leakage. Similarly, administrators can shut off an app's copy/paste functionality. For extra security, organizations can require that users input a PIN or authenticate using Apple's Touch ID fingerprint scanner to use an application.
So far, Intune's new mobile application management settings work with Office apps and Skype for Business, but more integrations from third-party app makers are in the works, said Radhakrishnan. For example, Microsoft is currently working with Adobe and Box to bring their apps into the fold.
For enterprises in charge of developing their own mobile line of business apps, the feature integrates with the Xamarin and Cordova mobile-friendly software development toolsets, he added. (Microsoft acquired Xamarin earlier this year.)
Meanwhile, in the wake of this week's announcement that Microsoft and SAP are partnering to expand the HANA on Azure ecosystem, the companies released a preview of the anticipated SAP Fiori Mobile–Microsoft Intune integrations before they are generally available sometime in the third quarter of 2016. Fiori is an application interface framework that enables SAP customers to quickly create custom business applications.
"The Microsoft Intune App SDK is encapsulated in a Cordova plug-in that SAP has integrated into the hybrid mobile service for SAP Fiori. If a customer is an EMS [Microsoft Enterprise Mobility Suite] or Intune customer, when they build their custom hybrid SAP Fiori apps, the Intune mobile application management (MAM) capabilities can be automatically added to the apps," wrote Microsoft Corporate Vice President Brad Anderson and Senthil Krishnapillai, global vice president of SAP, in a joint blog post.