Download Microsoft Azure Information Protection Tool (AIP) for your Devices


Good Day!

If you need to download the AIP tool for your device type, as a viewer or owner, use the URLs below.

If you are a Windows desktop user, click the link below to get the latest application.

For Mac, iOS and Android users, refer to the link below.


Note– Mobile device users (Android, Windows Mobile and iOS) can also go to their relevant app portal (Apple Store, Play Store and Windows Store), search for the Microsoft Information Protection app, and install it to read protected documents.


Configure Android for Work Binding for Microsoft Intune


Step 3- Log in to Google using your Google account.
On Google’s sign-in page, enter the Google account that will be associated with all Android for Work management tasks for this tenant.


Step 4- Finally, click the Confirm tab to complete the binding of Android for Work with the Microsoft Intune portal.


Step 5- Click Complete Registration.


Step 6- After the registration completes, you can see the integration status of Android for Work + Microsoft Intune. Once the sync is complete, you will be able to see the Work applications you have purchased under the Volume Purchased App location. Check Figure 7.


Step 7 – The Volume Purchased App location is shown below. All the apps which you have purchased are visible in this location.


Note- You can use the same method for iOS devices as well, and the Apple Volume Purchase Program (Apple – VPP) can be integrated too.

How to Manage Rooted Devices Using Intune Mobile Application Management Policies


In this blog I am going to show you how to identify the rooted devices which your users are using in your environment. This is covered by the Microsoft Intune Mobile Application Management feature. Here we protect LOB apps using MAM policies but WITHOUT enrolling the device with Intune. So how do we do this?

It is very straightforward.

Step 1- Create an application policy as described in my previous blog article, mentioned HERE.

Step 2- On the Policy Configuration tab, configure the option below if you need to identify rooted devices. In this scenario, I am going to use an Android device which I have rooted using CyanogenMod :).

Note- If you don’t want users to access apps from rooted devices, you can simply block them, without even letting them open any of the LOB documents.


Step 3- Once you have configured the policies as above, you will get a notification on the dashboard under the Flagged Users area, as shown in the screen below.


Step 4- Further, when you click the Flagged User tab, you can find the user and the device details as follows.


Step 5- If you block rooted devices for users, a notification like this is shown on the device.


Hope the above steps give you some idea of how to manage rooted devices.


Protect line-of-business apps and data on devices that are not enrolled in Microsoft Intune

Note- Before you add line-of-business apps to the MAM portal, make sure to wrap them using the Android App Wrapper Tool.

Step-1 Go to and search for Intune Mobile Application Management


Step 2- Go to App Policy and create a new policy using the Add a Policy option.


Step 3- Type a name for the policy and select the mobile platform. In my case I have selected Android as the platform.


Step 4- After that is finished, add the application which you want to manage. By default, a few applications are available, and if you have an in-house developed application, you can add it as well. In this case I am going to add a custom application.


Step 5- Click More Apps and Type the Package ID which basically goes as This you can get from the developer. The Package ID is the identifier for your LOB app. Once you add the wrapped app under More Apps, you will see it listed in your application list.


Step 6- Once that is completed, you have to configure the policies for your application. Here you can configure all the policies you want to bind to your app. Click the Create option once you have completed these configurations.


Step 7- Once the policy creation is done, you must assign users to the policy. A user who is signed in to this app will get all the policies you have defined in the policy settings.


Step 8- Click Assignments to add user groups. In my case I have a separate user group for Android users only. Click the Select option to add the user groups.


Step 9- Once the above is done, install the LOB app on your device, try to access it, and check how it behaves and whether the policies you have defined are working.

In addition, the main page shows all the notifications for these policies, and if a user is using a rooted device, you will get the notification under the Flagged Users view.


How to Add a Friendly Name to Configuration Manager Application Catalog Web Portal

If you need to hide your server name in the Configuration Manager App Catalog, or if the default name is too long to remember, you can follow the steps below to add a friendly name to it.

Step 1- First you must create a CNAME as shown in the following screen. You can use any alias name you prefer for this.


Step 2- Once the CNAME creation is completed, make sure to restart the DNS service.


Step 3- Once the DNS restart is completed, open IIS Manager on the Configuration Manager server and go to Bindings under Default Web Site.


Step 4- Add a new binding and, under Host Name, type the same FQDN (friendly name) which you used in your CNAME record.


Step 5- Once the binding settings are done, restart the IIS service and open the Configuration Manager console. Remove the existing Application Catalog website, change the Web Application Name the way you want, and also change the NetBIOS name which is going to be used for the App Catalog URL.


Step 6- After that, go to the Configuration Manager Agent Settings and, under Computer Agent / Set Website, select the NetBIOS name and save the client settings. Once that is completed, manually push the computer policies to the device collections.


Step 7- After a while, verify that the URL works with the new name.
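The DNS and IIS parts of the steps above (1 to 4, the IIS restart in step 5, and the check in step 7) can also be scripted. This is an added example, not part of the original post; the zone, alias, server name and the HTTP port 80 binding are placeholder assumptions to replace with your own values.

```powershell
# Added example. All values below are placeholders (assumptions, not from the post).
$Zone         = 'corp.example'         # DNS zone holding the CNAME
$Alias        = 'appcatalog'           # friendly alias name
$Target       = 'cm01.corp.example'    # FQDN of the Configuration Manager server
$Site         = 'Default Web Site'     # IIS site named in step 3
$FriendlyFqdn = "$Alias.$Zone"

# --- Run on the DNS server (steps 1 and 2) ---
Import-Module DnsServer
# Create the CNAME only if it is not already present, so the script can be re-run.
$existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $Alias `
                -RRType CName -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordCName -ZoneName $Zone -Name $Alias -HostNameAlias $Target
}
Restart-Service -Name DNS

# --- Run on the IIS / Configuration Manager server (steps 3 to 5) ---
Import-Module WebAdministration
# Binding information has the form "IP:port:host header".
$bindingInfo = "*:80:$FriendlyFqdn"
$hasBinding  = Get-WebBinding -Name $Site -Protocol http |
                   Where-Object { $_.bindingInformation -eq $bindingInfo }
if (-not $hasBinding) {
    New-WebBinding -Name $Site -Protocol http -Port 80 -IPAddress '*' `
        -HostHeader $FriendlyFqdn
}
iisreset /restart

# --- Verification (step 7): the alias must resolve to the server and be bound ---
$cname = Resolve-DnsName -Name $FriendlyFqdn -Type CNAME -ErrorAction Stop
if ($cname.NameHost -notcontains $Target) {
    throw "CNAME $FriendlyFqdn does not point to $Target"
}
Get-WebBinding -Name $Site |
    Where-Object { $_.bindingInformation -like "*:$FriendlyFqdn" } |
    Select-Object protocol, bindingInformation
```

If the site is served over HTTPS, the certificate bound to it must also cover the friendly name, otherwise clients will see a name mismatch.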


How to Resolve Sync Error in Windows Store for Business in Configuration Manager

If you are experiencing the Sync Failed error in Windows Store for Business in Configuration Manager, as shown below, check WsfbSyncWorker.log. Based on what it reports, you can resolve the error.

For example, you can refer to the scenario below.



Step- Check the log file and filter for the error you are seeing. In my example it is about permission.


Step- Verify whether the Windows App store local folder has sufficient write permission. Once that is confirmed, re-sync and verify.



Step- Once the sync is completed, you should see your apps as below.



How to Add Windows Store for Business Portal in to Configuration Manager

Hi Everyone,

This article describes how to integrate Windows Store for Business with your existing Configuration Manager server.

Step 1- First make sure the Windows Store for Business Integration feature is enabled. If not, enable it as indicated in the screenshot below.


Step 1- Log in to the Azure Portal, select the Applications pillar, and select the Add option.


Step 2- Select Add an Application my organization is developing.


Step 3- Then enter a name and select Web Application and/or Web API. Click Next.


Step 4- Next, enter the same URL under the Sign-on URL and App ID URI sections. This can be any URL and does not need to actually resolve to an external address.


Step 5- Once the Sign-On URL and App ID URI have been verified, complete the wizard. Now we will need to create a client key in Azure Active Directory for the registered management tool. Choose the application that you just created in the previous steps, and click Configure.


Step 6- Then, under the Keys section, select a duration from the list and click Save. This will create a new client key. Ensure that the configuration for the application is successfully updated with the key before moving on.


Step 7- In this step, we will add Configuration Manager as a management tool in the Windows Store for Business.

Browse to and sign in.


Step 8- Then, under the Management Tools section, choose Add a Management Tool.


Step 9- Note that only one management tool can be active at a time. Therefore, if you already have another management tool activated, it will need to be deactivated before going through the next steps.

Once that is confirmed, you will see a box which says Search for tool by name. Type in the name of the application you created in Azure Active Directory in the previous steps and click Add.


Step 10- After that, click Activate next to the application that was just imported.


Step 11- When you click Activate, you will be prompted to Show offline-licensed apps. Click Yes if you plan to deploy offline applications.


Step 12- Also make sure to add a sample app to your Windows Business Store to test the deployment of the app. For that, you can use the Shop option and add the app which you want.


Step 13- Once that is added, click Manage / Inventory and verify that the app is available.


Step 14- Once the above settings are done, we need to configure the Configuration Manager settings for the Business Store.

Go to Administration – Cloud Services – Windows Store for Business. Choose the option to Add Windows Store for Business Account.


Step 15- On the General page, click Next to continue.


Step 16- On the Configuration page, fill in the required fields.


Step 17- Once you have verified the settings, select the language in the next menu and click Next.


Step 18- On the Summary page, click Next and finish adding Windows Store for Business.



Step 19- Once that is done, create a package using the Software Library and push it to the devices.