Mobile application management (MAM) takes a more granular approach to device management, focusing on specific applications and their data and how they access the network. Because it's a less invasive approach to controlling corporate data than mobile device management, MAM can be a useful tool for organizations and users alike. MAM also reduces the complexity of implementing application-level policies. Check out this list of iOS 7's MAM capabilities:
Application data protection. Apple iOS 7 automatically encrypts each App Store application's data. This data protection is tied to the passcode of the device. All users need to do to activate this extra layer of protection is enable a passcode on their iOS devices.
Managed "open in." This is a feature that allows IT to modify an iOS 7 device's profile to restrict which applications that data can be opened in. This prevents an untrusted or unauthorized application from gaining access to and potentially leaking private data.
It's important to distinguish between managed applications from the App Store and the unmanaged system applications that are built into iOS, such as the native mail and photo apps. IT cannot restrict users from going into their native photo application to send an image as an email attachment. But in a managed application, admins can restrict applications such as Dropbox from opening a file in any other application, such as Quickoffice.
Per app VPN. IOS 7 allows each application to have its own virtual private network (VPN) connection, which keeps the app isolated from other potentially untrustworthy applications on the same device. Per app VPN is very effective in combination with the new app-level data protection. Additionally, per app VPN can be on-demand, so the app connects to the VPN whenever the user opens the app. Encrypting the application's network traffic to and from the organization's private data stores mitigates the risk of Wi-Fi eavesdropping.
ICloud keychain. Starting with iOS 7.0.3, Apple added a hosted encrypted store of user IDs, passwords, Wi-Fi keys and credit cards. These are replicated to Apple's iCloud service and can be replicated to other iOS devices as well as Macs running OS X 10.9 (also called Mavericks). This feature is optional, and users can enable it with the setup assistant when they download the OS update. They can also turn it on from iOS Settings->iCloud >Keychain On. Apple has enabled the Safari Web browser to use the iCloud keychain, and third-party app developers can also use it.
Enterprise single sign-on. Between applications, iOS 7 now allows for a configurable shared keychain. If several internal business apps use a common authentication mechanism instead of having each app require a separate login, they could trust a single sign-on.
These utilities can readily edit the configuration profiles of iOS devices and deploy them. Other MAM features such as Enterprise SSO require app development to use.
Although iOS 7 offers more MAM capabilities for admins, companies with larger deployments may want to invest in a third-party MAM tool. Many MAM vendors have either shipped iOS 7-capable tools or are soon adding iOS 7 compatibility to their products.