Intune app protection

Intune is a Microsoft service to manage mobile devices and apps. Intune app protection lets you define app-level usage restrictions and assign them to your users.

Because Intune app protection is based on the user identity and doesn’t require device management to secure your corporate data, it’s suitable for Bring Your Own Device (BYOD) programs.

You can manage your Intune app protection policies in Sophos Mobile Admin.

Features and requirements

  • Devices don’t need to be enrolled with Sophos Mobile.
  • Intune app protection policies can be applied to the Office 365 apps, and to other apps that have been integrated with the Intune App SDK.
  • Policies are only applied when users log in to an app with their corporate account. There are no usage restrictions when they log in with their private account.
  • You must have an Azure Active Directory (AD) Premium subscription.
  • Users must have an Intune license assigned to their Azure AD account.
  • For the Microsoft Outlook app, users must have an Office 365 Exchange Online mailbox and license linked to their Azure AD account.
  • For the Microsoft Word, Excel, and PowerPoint apps, users must have an Office 365 Business or Enterprise license linked to their Azure AD account.