Skip to content
Support
  • There are no suggestions because the search field is empty.

Mobile Management | Introduction

This guide explains the differences between MDM and MAM, what IT teams can expect when supporting them, and the types of issues end users are most likely to experience.

Next: Supporting iOS and Android with MDM (Mobile Device Management)

Overview: Managing iOS and Android with Microsoft Intune

Microsoft Intune gives organisations two main ways to manage mobile devices: Mobile Device Management (MDM) and Mobile Application Management (MAM). Both approaches help protect company data, but they work differently and are suited to different scenarios.

MDM (Mobile Device Management)

What it is

  • Full device management through Intune.

  • Device must be enrolled into Intune.

  • IT can apply compliance rules, deploy apps, enforce passcodes, and configure settings like Wi-Fi or VPN.

When it’s used

  • Corporate-owned devices.

  • BYOD (bring your own device) where full management is acceptable.

What end users notice

  • Company Portal or management profile installed.

  • Security requirements like PIN/passcode, encryption, or biometric setup.

  • Company apps pushed directly to the device.

  • Some restrictions depending on policy (e.g. blocked app stores, forced updates).

Common issues IT will see

  • Device not enrolling correctly.

  • Company apps not appearing after enrollment.

  • Compliance errors (e.g. passcode too simple, OS out of date).

  • Conditional Access blocking access because compliance hasn’t synced.

MAM (Mobile Application Management with App Protection Policies)

What it is

  • App-level management, without enrolling the whole device.

  • Protects company data inside apps like Outlook, Teams, or OneDrive.

  • Works on personal devices without giving IT control of the entire phone.

When it’s used

  • BYOD where users don’t want full management.

  • Scenarios where company data is the priority, not the device itself.

What end users notice

  • Required to sign into Microsoft apps with their work account.

  • May be asked to set up an app PIN or use biometrics to open apps.

  • Can’t copy data from corporate apps into personal apps.

  • Company data may be wiped from apps if access is removed.

Common issues IT will see

  • Users confused about why they can’t copy/paste between apps.

  • App asking for a PIN reset.

  • Work account suddenly signed out of apps.

  • Users thinking their personal device data was wiped (when only corporate app data was removed).

Key Differences

  MDM MAM
Scope Full device management App-only management
Ownership fit Corporate-owned, some BYOD Mostly BYOD
Control IT controls compliance, apps, and settings IT controls only company apps and data
User impact More visible changes to device settings Minimal device changes, but restrictions in apps
Typical issues Enrollment failures, compliance errors PIN resets, copy/paste restrictions

What This Means for IT Support

  • MDM support often involves troubleshooting enrollment, compliance, and app deployment.

  • MAM support is more about helping users understand why apps behave differently and resolving access or policy enforcement issues.

  • In both cases, the IT team’s role is to reassure users about what’s expected, confirm whether the device/app is in the right state, and escalate only when the issue is outside normal behaviour.

Next: Supporting iOS and Android with MDM (Mobile Device Management)