Intune MAM is a way to secure the corporate data on a App level. The MAM policy block for different user action, ensure encryption and authentication to the app.
This is a light way of doing the Intune MAM policy – the full MAM functions is still available in the Intune App protection part of Intune.
So the SharePoint administrator can create a Intune MAM policy that applies to all users in the tenant – with out any knowledge to Intune.
This policy only applies to users in your organization who are licensed for Microsoft Intune directly or indirectly trough the Enterprise Mobility + Security E3 or E5 license.
How to create the MAM policy as a SharePoint Admin
Start the OneDrive admin portal https://admin.onedrive.com/
Go to Device access
Click on Deploy this policy
Change the settings to match your security requirements
In a few minutes the policy will show up in Intune App protection console as deployed global to IOS and android platform.
The 2 apps is OneDrive for IOS and Android – take a look in the target apps inside the policy
In the OneDrive mobile policy – Policy settings
You can see the detailed settings that was set in the Onedrive admin portal
If the policy is disabled in OneDrive admin portal again
The policy is still visible as a Intune App protection policy – but the One Drive App is removed.
If the settings is grayed out like this – it is because the SharePoint Admin user do not have a Intune licens assigned.
Cloud First 