Mobile Application Management (MAM)
What is Mobile Application Management (MAM)?
Mobile Application Management (MAM)Controls that protect corporate data inside specific mobile applications without taking full management of the underlying device.
MAM enforces policy at the app layer: data-loss prevention (no copy/paste to personal apps), app-level encryption, conditional access, selective wipe of corporate data, and required app version. Solutions such as Microsoft Intune App Protection, Workspace ONE, and Android Work Profile rely on platform APIs (iOS Managed App Configuration, Android Enterprise) or SDKs that wrap business apps. MAM is the typical choice for BYOD because the employer manages only the work apps and not the personal phone, preserving user privacy. It is weaker than full MDM against a compromised device, so it is often combined with device-trust signals and zero-trust access conditions.
● Examples
- 01
An Intune App Protection policy blocks copy/paste from Outlook into a personal note-taking app.
- 02
When an employee leaves, the company triggers a selective wipe of corporate apps on their personal phone.
● Frequently asked questions
What is Mobile Application Management (MAM)?
Controls that protect corporate data inside specific mobile applications without taking full management of the underlying device. It belongs to the Mobile Security category of cybersecurity.
What does Mobile Application Management (MAM) mean?
Controls that protect corporate data inside specific mobile applications without taking full management of the underlying device.
How does Mobile Application Management (MAM) work?
MAM enforces policy at the app layer: data-loss prevention (no copy/paste to personal apps), app-level encryption, conditional access, selective wipe of corporate data, and required app version. Solutions such as Microsoft Intune App Protection, Workspace ONE, and Android Work Profile rely on platform APIs (iOS Managed App Configuration, Android Enterprise) or SDKs that wrap business apps. MAM is the typical choice for BYOD because the employer manages only the work apps and not the personal phone, preserving user privacy. It is weaker than full MDM against a compromised device, so it is often combined with device-trust signals and zero-trust access conditions.
How do you defend against Mobile Application Management (MAM)?
Defences for Mobile Application Management (MAM) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Mobile Application Management (MAM)?
Common alternative names include: MAM, App-level management.
● Related terms
- mobile-security№ 697
Mobile Device Management (MDM)
Software that lets an organization enroll, configure, monitor, and remotely wipe iOS, Android, macOS, and Windows endpoints from a central console.
- mobile-security№ 382
Enterprise Mobility Management (EMM)
An integrated platform that combines MDM, MAM, identity, content, and access controls to manage mobile devices and apps across an enterprise.
- mobile-security№ 123
Bring Your Own Device (BYOD)
A workplace model in which employees use their personally owned smartphones, tablets, or laptops to access corporate applications and data.
- mobile-security№ 694
Mobile App Security
The practice of designing, building, and testing iOS and Android applications to protect user data, prevent reverse engineering, and resist runtime tampering.
- privacy№ 278
Data Loss Prevention (DLP)
A set of technologies and policies that detect and block unauthorized exfiltration of sensitive data across endpoints, networks, email, and cloud services.