Exceptional content, easy to understand and follow.

Great video, did some configuration according to the advise given .. :) Very clear. Keep up the good work!

Thanks for this content, Alex !!! Keep it going, please.

Brilliant Video many thanks for your help on this.

Finally new content! Thanks

Excellent sir!! Thank you !!!!

Hi Alex. Do you have a video that covers the MAM app protection policy creation for IOS in a BYOD environment? This video had the steps for creating the policy for Android, but I'm also looking to create one for iOS.

very good video, thank you.

Tnx Alex. Just the info that’s needed ;-)

Great video Alex! Maybe someone has asked this already How can we add all apps such as Slack, or other 3rd party apps to be managed with policies also? This is referring to Android and iOS devices that sign into our Slack account using our work SSO Thank you!

Great vid. Thanks. That handles access / DLP for corporate data. But what about the "quality of life" features an MDM would allow for? Is there some way to (force) deploy apps or app configurations, shortcuts etc. to unmanaged MAM devices? Greatly appreciated :)

First time on your channel and I already know I'm going to like it because your company tenant is Dunder Mifflin 😂

We have implemented Compliance Policy, App Protection Policy, Apple MDM Push cert and Conditional Access Policy that "Require Compliant device" to access Office 365. Situation is: users are already using M365 apps. Seems like the MDM enrollment is not being triggered because iOS users can continually use the Teams and Outlook even though they are not yet-MDM-enabled.

Looks great. Unfortunately the device type option (min 3:50) disappeared, it's not possible anymore to select unmanaged devices. I guess we have to make custom dynamic EntraID groups to assign the policy to? For example (device.deviceManagementAppId -eq null) and (device.deviceOSType -eq "Android") ?

I am a Business Manager Admin. I want to allow my user to BYOD or User Enrolment. What steps should I follow besides from Intunes. Is there any way I can allow my users to enable sign in with their work account on their own device.

i did the same settings, but i am still able to sign in with third party apps like mail app (iphone) and the policy not yet forcing the users app protection like it asked me to setup PIN code but i still can copy data from corp app to other apps! how long the policy need to be fully replicated?

I think you missed on showing us how the Android device is enrolled and signed into but still I enjoy your content.

Hello Alex, Thank you for this great video! It’s very informative! I’d like to ask a couple of questions if that’s okay. I’m failing new to this, so I hope my questions will make sense to you. 1. For app protection policies, do we need to have separate policies for iOS/iPadOS and Android, or a single policy can be applied to both device users? My concern is that I have all the users in one Entra Group, and I don’t know how it’d work if I assign two policies to the same group. 2. Can more than one Conditional Access policy be applied to the same group for BYOD? I’m thinking of device restrictions as well as device cleanup rules for devices that have not checked in for a certain number of days. Thank you and appreciate it!

what will happen if a user also used Outlook(or other microsoft apps) with his private mail and also want to use corporate email?

Hello! Does this work so as to prevent users from using the downloaded gmail app but rather use the approved gmail app in InTune?

Alex, I got a question: What would be a recommended way to restrict/block your organization's OneDrive sync in Mac OS for unenrolled devices? Are there any reference docs in Microsoft Intune or Conditional Access service that could be used?

@Alex de Jong is it possible to block adding Corp and Personal Outlook Or OneDrive account on a iOS BYOD device. Please advise how THanks

explain to us : app configuration policy in Microsoft Intune

Great video! < but for me doesn't work and it's pretty frustrating. Looks like it;s an easy set up, but my outlook on my iphonee will never follow any policies I set up

Hi there. Was wondering if you can help. I sold my HP laptop few days ago and wanted to know if working using Microsoft 365 on an Android tablet is as good or if not better than the online version? Or do you think it's still best to just get a Windows laptop?

Hi Alex, Thanks for this content it is unbelievably helpful, one question if you dont mind please. how can we block access to outlook from outside the work profile in android, for example a byod android device will have a work profile but i do not want to allow users to access emails from the outlook or native mail clients outside the work profile,

big up

Hey great video. Can you use compliance policies for byod iOS devices and block non compliant with conditional access ? Thanks :)

I have set up both an iOS and Android policy and everything is working fine, however the edit function is not working for any Office doc. What have I missed?

Hi Alex, QUestion: do you need to enroll the device to intune? do you have to do something on the device for this restrictions to take effect on it?

One thing I notice with App PP is when on Android BYOD adding a corp account, all of the photos are getting synced, even though the settings on Android "Camera Backup" show saying "Other accounts are not eligible". Example: I have a personal OneDrive on Android > I will add a Corp account to the OneDrive app > It will ask me to enable backup, I will skip that > I will take a photo on BYOD device > The photo will get sent/synced to my corp OneDrive :( ... We can repro those steps on 10 test devices... Pixel 7 PRO and Samsung Galaxy 22 ultra...

I have tried the CA policy creation for macOS devices, but got the following error: "MAM policy can only be applied to Android or iOS client platforms." What would be the solution to configure this for unenrolled macOS devices?

I found this from the MS Documentation: For Android devices, the Company Portal app is required to receive app protection policies. This indeed is true. When I open Outlook for the first time with a targeted user there is a message saying that I also need the Company Portal..

Funny that Windows Phone is still a choice at the 1:54 mark.

What are you using to remote into your phone

You only focused MAM .. not work/profile and personal enrollment for iOS .. both suitable for BYOD i think

Hey Alex, Can we able to block screenshot or screen capture in ios/ipad BYOD? for managed apps only, I tried enforcing through configuration policy, But it enforces to the entire device, I just want to know & i would like to block screen capture only on managed devices BYOD ? is that possible ios/ipad devices? just waiting for your reply also i'm aware this can be done in andriod

Microsoft no longer recommend the use of "Require approved client app", insted they recommend to use " Require app protection policy" or both.. After March 2026, Microsoft will stop enforcing require approved client app control