Microsoft Intune · Application Management
Application Manager
Manages mobile and managed applications, can read device information and view device configuration profiles.
Scope: Application lifecycle management
Permissions
- Mobile apps - Full CRUD + Assign + Relate
- Managed apps - Full CRUD + Assign + Wipe
- Policy Sets - Full CRUD + Assign
- Filters - Full CRUD
- Cloud attached devices - View apps, Take app actions, View client details
- Managed devices - Read only
- Device configurations - Read only
- Microsoft Store for Business - Read
- Microsoft Defender ATP - Read
Common use cases
- Deploying line-of-business applications
- Managing app protection policies (MAM)
- Configuring app configuration policies
- Managing VPP/Apple Business Manager apps
Best practices
- Use for dedicated app deployment teams
- Combine with Policy and Profile Manager for full MAM/MDM
- Test app deployments to pilot groups first
- Use app categories and filters for organization
Security considerations
- Can wipe managed app data from devices
- Can deploy apps to all devices in scope
- Has read access to device information