Enable Fingerprint instead of PIN in MAM (Mobile Application Management)

We can use Azure Intune App Protection to manage mobile application without enrolling them to Intune. In this way users doesn’t want to enroll the device using company portal as used in Intune Mobile device management. Instead of that we can create a policy in Intune App Protection and assign it to user group. When the user use their company email address to login to those companies applications the policy automatically identify the user and apply policy to mobile devices.

From today’s post I’ll walk-through how to enable fingerprint instead of PIN

First I have to create group in Office 365 which this policy applies. For this demo I created a user called MAM User and added to the android user group in office 365.

Next login to Azure portal and open Azure Intune App Protection and open App Policy blade.

Select add policy to create new policy.To create a new policy follow following steps

  1. Click App Policy
  2. Click Add Policy to create new policy
  3. Add Policy blade give name to policy and select the platform (Android/IOS)
  4. In Select Required Apps select the apps company wish to manage using App Protection
  5. Select the Apps from the list

Next click the settings in Add Policy blade to configure various settings applied to this policy.

In the Policy settings make sure to enable as follows.


After configure the policy click create.

Next click the created policy and then navigate to user group to select the user group the policy applies.

In user group blade we can select the user group policy applies. click Add user group to add group from list.

Next login to the outlook email app android phone you will prompt to enter finger print instead of the PIN.

NOTE- for android phones we need to install the Intune Company Portal but we don’t want to enroll the device, for more info refer this link.