In many organizations, administrators are challenged to protect resources and data on different devices. One challenge is protecting resources for users with personal Android Enterprise devices, also known as bring-your-own-device (BYOD). Microsoft Intune supports two Android deployment scenarios for bring-your-own-device (BYOD):

- App protection policies without enrollment (APP-WE).
- Android Enterprise personally-owned work profiles.

The APP-WE and the Android Enterprise personally-owned work profile deployment scenarios include the following key features important for BYOD environments:

- Protection and segregation of organization-managed data: Both solutions protect organization data by enforcing data loss prevention (DLP) controls on organization-managed data. These protections prevent accidental leaks of protected data, such as an end user accidentally sharing it to a personal app or account. They also serve to ensure that a device accessing the data is healthy and not compromised.
- End-user privacy: APP-WE and Android Enterprise personally-owned work profiles separate end users' content on the device, and data managed by the mobile device management (MDM) administrator. In both scenarios, IT admins enforce policies, such as PIN-only authentication on organization-managed apps or identities. IT admins are unable to read, access, or erase data that's owned or controlled by end users.

Whether you choose APP-WE or Android Enterprise personally-owned work profiles for your BYOD deployment depends on your requirements and business needs. The goal of this article is to provide guidance to help you decide. For more information related to managed Android devices, see Manage Android personally-owned/corporate-owned work profile devices with Intune.

Intune app protection policies (APP) are data protection policies targeted to users. The policies apply data loss protection at the application level. Intune APP requires app developers to enable APP features on the apps they create.

Individual Android apps are enabled for APP in a few ways:

- Natively integrated into Microsoft first-party apps: Microsoft Office apps for Android, and a selection of other Microsoft apps, come with Intune APP built-in. These Office apps, such as Word, OneDrive, Outlook, and so on, don't need any more customization to apply policies. These apps can be installed by end users directly from Google Play Store.
- Integrated into app builds by developers using the Intune SDK: App developers can integrate the Intune SDK into their source code and recompile their apps to support Intune APP policy features.
- Wrapped using the Intune app wrapping tool: Some customers compile Android apps (.APK file) without access to source code. Without the source code, the developer can't integrate with the Intune SDK. Without the SDK, they can't enable their app for APP policies. The developer must modify or recode the app to support APP policies. To help, Intune includes the App Wrapping Tool for existing Android apps (APKs), and creates an app that recognizes APP policies. For more information on this tool, see prepare line-of-business apps for app protection policies.

To see a list of apps enabled with APP, see managed apps with a rich set of mobile application protection policies.

This section describes the important characteristics of the APP-WE and Android Enterprise personally-owned work profile deployment scenarios.

APP-WE

An APP-WE (app protection policies without enrollment) deployment defines policies on apps, not devices. In this scenario, devices typically aren't enrolled or managed by an MDM authority, such as Intune. To protect apps and access to organizational data, administrators use APP-manageable apps, and apply data protection policies to these apps. For more information, see What are app protection policies?

APP-WE scenarios are for end users who want a small organizational footprint on their devices, and don't want to enroll in MDM. As an administrator, you still need to protect your data. So common MDM tasks and features, such as WiFi, device VPN, and certificate management, aren't part of this deployment scenario.