Table of contents
Enterprise Mobility Management helps your company securely manage access to company content through mobile devices. The EMM capabilities that Box integrates can be split into device management (MDM) and app management (MAM). MDM and MAM can be used independently, or together, so you can pick a configuration that is right for you.
On iOS, the Box for EMM app is required to get the most out of MDM. If you want to use only MAM, you can enable it with the standard Box app (Box for mobile).
Box for EMM
The Box for EMM app on iOS offers the following features: Allows enterprises to restrict Box usage to company-approved mobile devices secured by MDM providers. Allows some configuration of Box app behavior through managed app configurations. Optionally (with select MDM providers), causes server-to-server communication between Box and the MDM server during login to check the device management status. On Android, when the Box app is installed through Android Enterprise, it has similar functionality to Box for EMM on iOS.
Device and app management
Box for EMM facilitates the functionality supplied by the Mobile Device Management (MDM) providers. Mobile Application Management (MAM) through Intune is supported in Box and Box for EMM apps. Both MDM and MAM are compatible with a Bring Your Own Device (BYOD) strategy, and in either case you allow the organization to control the device or its applications. Below table lists the differences between MDM and MAM options.
| MDM | MAM |
| Organization controls the entire device along with the data. | Organization controls enterprise apps and data. |
| Organization manages the device. | Organization does not manage the device. |
| Requires device enrollment. | Does not require device enrollment. |
The MDM providers manage the device, while Box for EMM checks that it is running on a managed device before allowing any access. Note that the MDM providers’ admin can deprovision the Box for EMM in the MDM portal.
Choosing the most suitable solution
Depending on your company’s needs, you can choose to implement MDM or MAM solutions, or use both.
MDM solution is most commonly used for company-owned devices, as it provides complete control over the device - from setting up a secure VPN connection to access the company resources, to configuring lock screen options on a device.
After enrollment, the company can track the device and wipe it if it’s lost or otherwise compromised. Users can install their own applications freely, but you can specify which sources can and can’t be used.
Bear in mind that MDM doesn’t allow you to track and control any data within an application, but it provides some controls for restricting data transfer between applications. All MDM providers have similar capabilities to control devices, as they use OS provided interfaces to do this. More information is available from Apple, Google and MDM providers.
MAM is more friendly towards the BYOD strategy - the company doesn’t control the entire device, which is more acceptable for employees who use their private devices to access company resources.
MAM clearly separates corporate apps from private ones. You can decide which apps can save content in a specific location, including into Box and provides a good balance between privacy and security. See also: How to enable MAM
As of March 2023, Microsoft Intune is the only MAM provider supported by Box.
It is possible to use both MDM and MAM at the same time. Box for EMM app is required for MDM, while only the standard Box application can be used with MAM without MDM.
Operating systems and providers
As of today, Box for EMM supports the following operating systems:
- iOS 16 and above
- Android 11.0 and above
For more information on OS support in Box, see Box Policy for Browser and OS Support.
You can deploy Box using any MDM provider, but only the ones listed below support the managed status check (MSC):
- Workspace ONE Unified Endpoint Management (AirWatch)
- MobileIron Core (Ivanti Neurons)
- MobileIron Connected Cloud (Ivanti Neurons)
- MaaS360
The MSC process is not needed for most enterprises. If you wish to use other MDM providers and your threat model indicates that a simple Box verification of MDM deployment is not strong enough, contact your CSM to make Box aware of your needs. If you don’t have a CSM assigned, contact your Account Executive or our Sales team.
For MAM, you need to choose Intune. If you want to use MDM with MAM, you can choose other providers.
If you can't deploy Box with an EMM solution, our iOS and Android apps offer a variety of native mobile security features. See Understanding Mobile Security Settings for more information.