Skip to content

Intune app protection

Intune is a Microsoft service to manage mobile devices and apps. Intune app protection lets you define app-level usage restrictions and assign them to your users.

Because Intune app protection is based on the user identity and doesn’t require device management to secure your corporate data, it’s suitable for Bring Your Own Device (BYOD) programs.

You can manage your Intune app protection policies in Sophos Mobile Admin.

Features and requirements

  • Devices don’t need to be enrolled with Sophos Mobile.
  • You can apply Intune app protection policies to Microsoft 365 Office apps and other apps with the Intune App SDK integrated.
  • Policies are only applied when users log in to an app with their corporate account. There are no usage restrictions when they log in with their private account.
  • You must have a Microsoft Entra ID P1 or P2 (Azure AD Premium) subscription.
  • Users must have an Intune license assigned to their Microsoft Entra ID (Azure AD) account.
  • For the Microsoft Outlook app, users must have a Microsoft 365 Exchange Online mailbox and license linked to their Microsoft Entra ID (Azure AD) account.
  • For the Microsoft Word, Excel, and PowerPoint apps, users must have a Microsoft 365 Business or Enterprise license linked to their Microsoft Entra ID (Azure AD) account.

For details on Intune, see the Microsoft Intune documentation.

For details on Intune app protection, see Microsoft Intune protected apps.