Mobile Application Management (MAM) allows an enterprise to restrict the data that passes in and out of specific applications on an end user's mobile device, without the need to control the device itself. It is often the top choice for enterprises that practice a Bring Your Own Device (BYOD) strategy.

Microsoft Intune - iOS and Android

Add app policy

To start using MAM with Box for EMM or Box for Mobile, first enable it in Intune. For more information, refer to Microsoft documentation.

When you’re adding an app protection policy, type “Box” in the search field. For iOS, select Box - Cloud Content Management; for Android, you should see Box.

For information on further configuration, see Add app configuration policies for managed iOS/iPadOS devices and Add app configuration policies for managed Android Enterprise devices.

Configure MAM in the Box Admin Console

As an Admin, you can enforce Microsoft's Intune MAM service even if Box account holders are not enrolled in it:

1. Log in to the Box Admin console.
2. Go to Enterprise Settings -> Mobile.
3. Scroll down to find the User Permissions for Box Mobile Application section.
4. Toggle on the Intune Mobile Application Management (Intune MAM) option.

Conditional Access

In addition to the MAM service, Admins can enforce Intune’s Conditional Access to set mobile device-based and app-based policies. For more information, visit Learn about Conditional Access and Intune.

Requirements to use all the existing signals in Conditional Access: 

• Intune MAM must be enabled in the Admin Console as shown above in Configure MAM in the Box Admin Console.
• Users must add their Microsoft User Principle Name (UPN) as a secondary email in their Box account(s) if in case their Microsoft UPN cannot be found in their primary and secondary email addresses in their Box account(s).
  • Example:
    • Box Primary Email: user@company.com
    • Microsoft UPN: user@company.onmicrosoft.com