Appendix A - Differences between Intune MAM and Intune EMM

	Intune MAM	Intune EMM
Deployment
Company Portal installed - Android	Must	Must
Company Portal installed - iOS	Need either Company portal or Authenticator	Must
Authenticator app installed - Android	Not needed	Not needed
Authenticator app installed - iOS	Need either Company portal or Authenticator	Not needed
One touch (MSFT Sign in from device)	√	√
Zero-touch deployment	X (No App-Config)	√
Protection
Apps analysis - Android	√	√
Apps analysis - iOS	√ - Only managed Apps	√ - if personal apps are discoverable by Intune
Network vector (e.g. MiTM)	√	√
OS Exploits	√	√
Jailbreak/root detection	√	√
ONP (Anti-phishing, download prevention, anti-bot, URLF, etc.)	√	√
ONP with SSL Secure Sockets Layer. The standard security technology for establishing an encrypted link between a web server and a browser.	√	√
Mitigation
Intune Conditional Access AAD	√	√
Harmony MobileConditional Access (ONP)	√	√
All Actions supported in Intune *	According to MSFT Docs	According to MSFT Docs

Note - See device compliance configurations here

Deploying a CA certificate using Zero-Touch for HTTPS Traffic Inspection

Generate and download the certificate from you Infinity Portal dashboard:

In your Infinity Portal dashboard, go to Policy > Global > On-device Network Protection > click on Configure:
Under HTTPS Settings toggle HTTPS Inspection Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi. to be ON.
Under Inspection CA, select Central CA for MDM deployment and click Generate Certificate.
Validate the name, click on Download and on OK:

Note - When using different policies for device groups, the enforcement of the certificate pushed by UEM Name may take up to 24 hours on iOS devices.

In case the Global Policy is being used for the entire fleet of devices this limitation is not relevant.