Microsoft Mobile App Management (MAM)

About MAM

Microsoft Mobile Application Management (MAM) safeguards data from IC email and IC OneDrive accounts on phones and other mobile devices. Unlike traditional mobile device management (MDM) solutions, MAM does not provide access or visibility to your device or other data on it. It just sets security requirements, partitions IC data in an encrypted container, and requires a PIN or other unlock mechanism to access it.

FAQ

FAQ: Mobile App Management (MAM) User Experience

User Experience and Tasks with first time setup of App Protection Policies on a mobile device.

What MAM Does and Does Not Do:

1. Encrypts College Data: Within Outlook and other applications that support it, MAM encrypts data from your IC email account and IC OneDrive and keeps it separate from your other accounts. This is seamless and does not affect data from non-IC email accounts or non-IC OneDrive accounts, even if you access them through the Outlook or OneDrive apps.
2. Sets an Application PIN: Once MAM is configured for your account, the next time you open your IC account in Outlook, OneDrive or another application that supports it, you will be prompted to create an application PIN. This is technically separate from the device PIN you may have set to unlock your phone, but you can use the same number as long as you haven't shared it with anyone. Once an application PIN is set, you may unlock protected apps with it or your device’s built in face or fingerprint recognition capability. Doing so does not send your biometric info anywhere; it’s remains local to your phone as normal.
3. Sets Device Security Requirements: MAM verifies your device's basic security status, such as whether it has critical software updates or has been jail-broken, before granting access. This information is not shared with Ithaca College.
4. Non-Intrusive Protection: MAM does not provide anyone with access to your phone. It does not show us what apps are installed, what web sites you browse, your location, your text messages, photos, contacts, or anything else that isn’t stored in your IC email or IC OneDrive accounts. This is running on our phones as well, and we would not be comfortable with that if there were privacy concerns.
5. Separates IC Data from Personal Data: MAM keeps your IC data separate and allows the college to remotely wipe the local copy of your IC email and IC OneDrive files in case your phone is lost or stolen. It does not provide the ability to wipe your entire device or any other data it contains.
6. Not All Applications Support MAM: We have long strongly recommended using Outlook to access your IC email. Apple Mail and some other email apps do not support the security features MAM relies on and will no longer be able to access IC email.

External resources

Our aim is to be transparent about what MAM does and does not do. We recognize that our phones are our most personal devices, which is why we have chosen this non-intrusive solution for protecting the college's data. For those interested, here are two articles that describe MAM's capabilities in detail.

• Microsoft MAM for unenrolled devices (Microsoft Learn)
• App Protection Policy (Microsoft Learn)
• iOS app protection policy settings (Microsoft Learn)
• Android app protection policy settings (Microsoft Learn)