Configure Android for Work Binding for Microsoft Intune

Step 3- Log in to Google using your Google account.
On Google’s sign-in page, enter the Google account that will be associated with all Android for Work management tasks for this tenant.

Step 4- Finally, click the Confirm tab to complete the binding of Android for Work with the Microsoft Intune portal.

Step 5- Click Complete Registration.

Step 6- After the registration completes, you can see the integration status of Android for Work and Microsoft Intune. Once the sync is complete, the work applications you have purchased will be visible under the Volume Purchased App location. Check Figure 7.

Step 7- The Volume Purchased App location is shown below. All the apps you have purchased are visible in this location.

Note- You can use the same method for iOS devices as well, and the Apple Volume Purchase Program (Apple VPP) can be integrated too.

How to Manage Rooted Devices Using Intune Mobile Application Management Policies

Hello,

In this blog I am going to show you how to identify the rooted devices that your users are using in your environment. This is covered under the Microsoft Intune Mobile Application Management (MAM) feature. Here we protect LOB apps using MAM policies, but WITHOUT enrolling the device with Intune. So how do we do this?

It is very straightforward.

Step 1- Create an application policy based on my previous blog article, mentioned here.

Step 2- On the Policy Configuration tab, configure the option below if you need to identify rooted devices. In this scenario, I am going to use an Android device that I have rooted using CyanogenMod :).

Note- If you don’t want users to get access from rooted devices, you can simply block them without even letting them open any of the LOB documents.

Step 3- Once you have configured the policies as above, you will get a notification on the dashboard under the Flagged Users area, as shown in the screen below.

Step 4- Further, when you click the Flagged User tab, you can find the user and device details as follows.

Step 5- If you block rooted devices for users, you will get a notification like this on the device.

Hope the above steps give you some idea of how to manage rooted devices.

Thanks

Protect line-of-business apps and data on devices that are not enrolled in Microsoft Intune

Note- Before you add line-of-business apps to the MAM portal, make sure to wrap them using the Android App Wrapper Tool.

https://docs.microsoft.com/en-us/intune-classic/deploy-use/decide-how-to-prepare-apps-for-mobile-application-management-with-microsoft-intune

Step 1- Go to https://Portal.Azure.com and search for Intune Mobile Application Management.

Step 2- Go to App Policy and create a new policy using the Add a Policy option.

Step 3- Type a name for the policy and select the mobile platform version. In my case I have selected Android as the platform.

Step 4- After that, add the application you want to manage. By default, a few applications are available, and if you have an in-house developed application, you can add it as well. In this case I am going to add a custom application.

Step 5- Click More Apps and type the package ID, which takes the form com.app.xxxxxxx. You can get this from the developer. The package ID is the identifier for your LOB app. Once you add the wrapped app under More Apps, you will see it listed in your application list.

Step 6- Once that is completed, configure the policies for your application. Here you can configure all the policies you want to bind to your app. Click Create once you have completed these configurations.

Step 7- Once the policy has been created, you must assign users to it. A user who signs in to this app will get all the policies you have defined in the policy settings.

Step 8- Click Assignments to add user groups. In my case I have a separate user group for Android users only. Click Select to add the user groups.

Step 9- Once the above is done, install the LOB app on your device, try to access it, and check how it behaves and whether the policies you have defined are working.

In addition, on the main page you will get all the notifications for these, and if a user is using a rooted device, you will get the notification under the Flagged Users view.

How to Add a Friendly Name to Configuration Manager Application Catalog Web Portal

If you need to hide your server name in the Configuration Manager App Catalog, or if the default name is too long to remember, you can follow the steps below to add a friendly name to it.

Step 1- First, create a CNAME as shown in the following screen. You can use any alias name you prefer.

Step 2- Once the CNAME has been created, make sure to restart the DNS service.

Step 3- Once the DNS restart has completed, open IIS Manager on the Configuration Manager server and go to Bindings under Default Web Site.

Step 4- Add a new binding and, under Host Name, type the same FQDN (friendly name) that you used in your CNAME record.

Step 5- Once the binding settings are done, restart the IIS service and open the Configuration Manager console. Remove the existing Application Catalog website, change the web application name the way you want, and also change the NetBIOS name that is going to be used for the App Catalog URL.

Step 6- After that, go to the Configuration Manager agent settings and, under Computer Agent / Set Website, select the NetBIOS name and save the client settings. Once that is completed, manually push the computer policies to the device collections.

Step 7- After a while, verify that the URL works with the new name.
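Steps 1 to 4 above can also be scripted and checked from PowerShell. The following is an added example, not part of the original post; it assumes the DnsServer and WebAdministration modules, placeholder names (`corp.example`, `appcatalog`, `cm01.corp.example`) and an HTTP binding on port 80, none of which come from the page.

```powershell
# Added example. All names below are placeholders (assumptions), not values from the page.
$Zone     = 'corp.example'        # DNS zone that will host the alias
$Alias    = 'appcatalog'          # friendly name (the CNAME from Step 1)
$CmServer = 'cm01.corp.example'   # real FQDN of the Application Catalog server
$Site     = 'Default Web Site'
$Fqdn     = "$Alias.$Zone"

# --- Run on the DNS server (Steps 1 and 2) ---
function Set-CatalogAlias {
    # Create the CNAME only if it does not already exist, so reruns are harmless.
    $rr = Get-DnsServerResourceRecord -ZoneName $Zone -Name $Alias `
              -RRType CName -ErrorAction SilentlyContinue
    if (-not $rr) {
        Add-DnsServerResourceRecordCName -ZoneName $Zone -Name $Alias `
            -HostNameAlias $CmServer
        Restart-Service -Name DNS   # Step 2 of the post
    }
    # Confirm the alias points at the intended server and nowhere else.
    $cname = Resolve-DnsName -Name $Fqdn -Type CNAME -Server 127.0.0.1 `
                 -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq 'CNAME' }
    if ($cname.NameHost.TrimEnd('.') -ne $CmServer) {
        throw "CNAME $Fqdn points to '$($cname.NameHost)', expected '$CmServer'"
    }
}

# --- Run on the Configuration Manager server (Steps 3 and 4) ---
function Set-CatalogBinding {
    Import-Module WebAdministration
    # http on port 80 is an assumption; the post does not state the protocol.
    if (-not (Get-WebBinding -Name $Site -Protocol http -HostHeader $Fqdn)) {
        New-WebBinding -Name $Site -Protocol http -Port 80 `
            -IPAddress '*' -HostHeader $Fqdn
    }
    # List every binding on the site so an unexpected host header stands out.
    Get-WebBinding -Name $Site | Select-Object protocol, bindingInformation
}
```

Call `Set-CatalogAlias` on the DNS server first, then `Set-CatalogBinding` on the site server; both are safe to rerun because each checks for an existing record or binding before creating one.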

How to Resolve Sync Error in Windows Store for Business in Configuration Manager

If you are experiencing the Sync Failed error in Windows Store for Business in Configuration Manager, as shown below, check WsfbSyncWorker.log. Based on that you can resolve the error.

For example, refer to the scenario below.

Step- Check the log file and filter for the error you are seeing. In my example it is about permissions.

Step- Verify whether the Windows app store local folder has sufficient write permission. Once that is confirmed, re-sync and verify.

Step- Once the sync has completed, your apps should be visible as below.

How to Add Windows Store for Business Portal in to Configuration Manager

Hi Everyone,

This article describes how to integrate Windows Store for Business with your existing Configuration Manager server.

Step 1- First make sure the Windows Store for Business Integration feature is enabled. If not, enable it as indicated in the screenshot below.

Step 1- Log in to the Azure portal, select the Applications pillar, and select the Add option.

Step 2- Select Add an application my organization is developing.

Step 3- Then enter a name and select Web Application and/or Web API. Click Next.

Step 4- Next, enter the same URL under the Sign-on URL and App ID URI sections. This can be any URL and does not need to actually resolve to an external address.

Step 5- Once the Sign-On URL and App ID URI have been verified, complete the wizard. Now we need to create a client key in Azure Active Directory for the registered management tool. Choose the application that you just created in the previous steps, and click Configure.

Step 6- Then, under the Keys section, select a duration from the list and save. This will create a new client key. Ensure that the configuration for the application is successfully updated with the key before moving on.

Step 7- In this step, we need to add Configuration Manager as a management tool in the Windows Store for Business.

Browse to https://businessstore.microsoft.com/en-us/managementtools and sign in.

Step 8- Then, under the Management Tools section, choose Add a Management Tool.

Step 9- Note that only one management tool can be active at a time. Therefore, if you already have another management tool activated, it will need to be deactivated before going through the next steps.

Once that is confirmed, you will see a box that says Search for tool by name. Type in the name of the application you created in Azure Active Directory in the previous steps and click Add.

Step 10- After that, click Activate next to the application that was just imported.

Step 11- When you click Activate, you will be prompted to show offline-licensed apps. Click Yes if you plan to deploy offline applications.

Step 12- Also make sure to add a sample app to your Windows Business Store to test the deployment of the app. For that, you can use the Shop option and add the app you want.

Step 13- Once that is added, click Manage / Inventory and verify that the app is available.

Step 14- Once the above settings are done, next we need to configure the Configuration Manager settings for the Business Store.

Go to Administration – Cloud Services – Windows Store for Business. Choose the option to Add Windows Store for Business Account.

Step 15- On the General page, click Next to continue.

Step 16- On the Configuration page, fill in the required fields.

Step 17- Once you have verified the settings, select the language on the next page and click Next.

Step 18- On the Summary page, click Next and finish adding Windows Store for Business.

Step 19- Once that is done, create a package using the Software Library and push it to the devices.

Data Classification Using Azure Information Protection

Hi Everyone,

I have made a video that covers how to enable Azure Information Protection for data classification, and how Rights Management protects that data. In the video, I demonstrate all the steps you need to carry out in order to classify and protect the data. Data classification is enabled using the automatic method. Click the URL below to watch the video.

Link- https://youtu.be/dTnw8nLM_ew

Thanks for watching.