Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Box Status
Print

Box as a Managed Place in Microsoft Intune

End User , Integrations , Mobile , Microsoft , Box Mobile , Concept , Article , Product Utilization , Established , Instruction

Overview

Box and Microsoft have enabled a new capability for Intune Mobile Application Management (MAM aka App Protection Policy) that allows saving copies of org-managed documents to Box from the relevant Microsoft mobile apps (i.e. Office, Word, PowerPoint, Excel, and Outlook apps). Previously, enterprises that leveraged Intune MAM were limited to OneDrive and SharePoint as managed cloud storage providers. Box as a Managed Place in Intune now provides enterprises the option to control the flow of managed data to move between Microsoft and Box, and block any attempts to save copies of org-managed data outside of Box.


Supported Microsoft Mobile Apps

iOS: Office, Word, Powerpoint, Excel, Outlook
Android: Office, Word, Powerpoint, Excel


Technical Requirements

Enterprises will be required to have Azure Active Directory (AAD) or Okta federation for their Box login in order to utilize the Box as a Managed Place functionality in the relevant Microsoft mobile apps. Enterprises are not required to have a Mobile Device Management (MDM) solution to enable the functionality because the functionality is part of Microsoft's Intune MAM policy aka app protection policy, meaning it's available for both MDM enrolled devices and unenrolled devices.


Enable Box as a Managed Place from the Microsoft Intune Portal

To enable the Box as a Manage Place functionality, a Microsoft Intune admin at your enterprise must log into the Microsoft Endpoint Manager admin center and navigate to the relevant MAM policy aka app protection policy that is associated to their enterprise's relevant Microsoft mobile apps. 


From the MAM policy, click on the Edit button within the "Data protection" section of the policy and find the "Save copies of org data" policy setting. Select "Block" and then under the "Allow user to save copies to selected services" dropdown, select "Box". This will block saving copies of org data outside of Box within the relevant Microsoft mobile apps associated to the MAM policy, i.e. saving copies of org data is allowed only within Box.

Note
If you can't edit Office files in Box for EMM (for example after enabling the Office Co-Authoring feature), enable saving to Box in Intune in the app protection policy. To do so, select Box in the Allow users to save copies to selected services setting*.

*Check the Microsoft documentation to make sure that the setting name is up to date.

 


End Users Enabling Box as a Managed Place

End users will first need to install the latest version of the relevant Microsoft mobile apps. Once installed, a user should navigate to the Open tab (folder icon) and in the "Other Storage" section, select "Add Storage Account" and then select Box. Once the end user has successfully authorized Microsoft to access their Box account, they're all set, and the relevant Intune MAM policies will be applied to the end user.

Related articles