Intune MAM is a way to secure the corporate data on a App level. The MAM policy block for different user action, ensure encryption and authentication to the app.

This is a light way of doing the Intune MAM policy – the full MAM functions is still available in the Intune App protection part of Intune.

So the SharePoint administrator can create a Intune MAM policy that applies to all users in the tenant – with out any knowledge to Intune.

This policy only applies to users in your organization who are licensed for Microsoft Intune directly or indirectly trough the Enterprise Mobility + Security E3 or E5 license.

How to create the MAM policy as a SharePoint Admin

Start the OneDrive admin portal

Go to Device access

OneDrive Admin - MAM - 01

Click on Deploy this policy

OneDrive Admin - MAM - 07


Change the settings to match your security requirements

OneDrive Admin - MAM - 03

In a few minutes the policy will show up in Intune App protection console as deployed global to IOS and android platform.

OneDrive Admin - MAM - 04

The 2 apps is OneDrive for IOS and Android – take a look in the target apps inside the policy

OneDrive Admin - MAM - 05

In the OneDrive mobile policy – Policy settings

You can see the detailed settings that was set in the Onedrive admin portal

OneDrive Admin - MAM - 06

If the policy is disabled in OneDrive admin portal again

OneDrive Admin - MAM - 10.png

The policy is still visible as a Intune App protection policy – but the One Drive App is removed.

OneDrive Admin - MAM - 08


If the settings is grayed out like this – it is because the SharePoint Admin user do not have a Intune licens assigned.

OneDrive Admin - MAM - 09.png