Intune app protection

Intune is a Microsoft service to manage mobile devices and apps. Intune app protection lets you define app-level usage restrictions and assign them to your users.

Because Intune app protection is based on the user identity and doesn’t require device management to secure your corporate data, it’s suitable for Bring Your Own Device (BYOD) programs.

You can manage your Intune app protection policies in Sophos Mobile Admin.

Features and requirements

  • Devices don’t need to be enrolled with Sophos Mobile.
  • You can apply Intune app protection policies to Microsoft 365 Office apps and other apps with the Intune App SDK integrated.
  • Policies are only applied when users log in to an app with their corporate account. There are no usage restrictions when they log in with their private account.
  • You must have an Azure Active Directory (AD) Premium subscription.
  • Users must have an Intune license assigned to their Azure AD account.
  • For the Microsoft Outlook app, users must have a Microsoft 365 Exchange Online mailbox and license linked to their Azure AD account.
  • For the Microsoft Word, Excel, and PowerPoint apps, users must have a Microsoft 365 Business or Enterprise license linked to their Azure AD account.