Secure Mobile Access 12.4 Administration Guide

Microsoft Intune

SMA supports integration with Microsoft Intune, Microsoft's cloud-based service for managing mobile devices and operating systems. Intune provides Unified Endpoint Management of both corporate-owned and BYOD devices in a way that protects corporate data.

Integrating Microsoft Intune with SMA allows you to:

  • Set rules and configure settings on personal and organization-owned devices that access corporate data and networks.
  • Deploy and authenticate applications on on-premises and mobile devices.
  • Protect company information by controlling how users access and share it.
  • Ensure devices and applications comply with the organization's security requirements.
  • Get finer-grained End Point Control (EPC) enforcement and feedback for managed and enrolled devices.
  • Make more robust policy decisions based on the device state attributes that Intune reports.

In the current release, SMA and Microsoft Intune integration is supported only for Windows based managed devices.

Prerequisites:

  • SMA1000 release 12.4.1
  • SMA1000 standalone or CMS-managed platforms
  • An Azure account with administrator rights (required to register the application and grant consent)
  • Supported client OS: Windows
  • Supported clients: Connect Tunnel, WorkPlace (no browser dependency)

To configure Microsoft Intune

  1. Log in to the Azure portal as an administrator.
  2. Navigate to Azure Active Directory > App registrations > New registration.
  3. Enter a name for the application, choose the supported account type, and click Register.
  4. After successful registration, the Application (client) ID and Directory (tenant) ID are displayed. Note both values; they are entered in AMC later.
  5. Under the registered application, select Certificates & secrets > New client secret and copy the secret value as soon as it is created. The value is displayed only once; if it is lost, a new secret must be created.
  6. To set the permissions, select API permissions under the registered application and click + Add a permission.

    Under the Microsoft APIs group, select Microsoft Graph.

    Select Application permissions and, under the DeviceManagementManagedDevices group, select the DeviceManagementManagedDevices.Read.All check box.

  7. Click Add permissions.
  8. Application permissions take effect only after an administrator consents to them: click Grant admin consent for your tenant, confirm, and check that the Status column for the permission shows it as granted.

Configuring Microsoft Intune in AMC

To configure Microsoft Intune in AMC

  1. Log in to AMC.
  2. Navigate to User Access > End Point Control > Mobile Device Management Profiles.

  3. Click Edit to open the Intune MDM Settings screen.

  4. In the Intune MDM Settings screen:
    1. Select the Enable Microsoft Intune check box.
    2. In the Tenant ID field, enter the Azure Directory (tenant) ID.
    3. In the Client ID field, enter the Application (client) ID of the application registered in Azure AD.
    4. In the Client secret field, enter the client secret created for that application in Azure AD.

      All of the above fields are mandatory. These values are generated when the application is registered in Azure, as described in the previous section.

    5. In the Request timeout field, set how long SMA waits for a response from the Microsoft Intune service. If the request times out, the attribute evaluation fails and the device does not satisfy the Intune profile. The default request timeout is 15 seconds.
  5. Click Test Connection to verify that SMA can reach Intune with these credentials, then click Save.

Creating Windows Profile with Intune Attributes

In the current release, SMA and Microsoft Intune integration is supported only for Windows based managed devices.

To create Windows profile

  1. Log in to AMC.
  2. Navigate to User Access > End Point Control > Zones and Profiles > Profiles > Edit.

  3. In the Profiles tab, click the + icon and select Windows to create a Windows device profile.

  4. Enter a name and description for the profile.
  5. Under the Add Attributes group, click the Type drop-down and select Microsoft Intune.

  6. Set the Managed, AAD registered, Compliant, Last sync, Device owner, and Encrypted attributes to the values you require.

  7. Once the configuration is complete, click Add to Current Attributes.

    All the attributes are added to the profile.

  8. In the AMC, add the created profile to a zone and associate that zone with a realm.

To verify the configuration

  1. Ensure the test client is enrolled in Intune under the same Azure directory in which the application is registered. For the Windows enrollment procedure, refer to the Microsoft documentation.
  2. Connect with Connect Tunnel, or log in through ExtraWeb, to the realm configured for Intune.

    After a successful login, the device is classified into the Intune zone if the profile conditions are satisfied; otherwise it falls back to the default or quarantine zone.
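The following Python script is an added example, not part of this guide or of SonicWall's SMA code. It shows what the Azure registration above gives you and what the profile evaluation amounts to: a client-credentials token for the registered application, a Microsoft Graph query for one enrolled device that needs the DeviceManagementManagedDevices.Read.All application permission, and a check of the returned record against the Managed, AAD registered, Compliant, Last sync, Device owner, and Encrypted attributes of a profile. The mapping of those attribute names onto Graph fields, the use of $filter on azureADDeviceId, the profile dictionary format, and the zone names are the example's own assumptions, as is the sample device record, which is constructed rather than captured from a tenant. The token and Graph endpoints are the real Microsoft ones; the evaluation runs offline against the constructed record, and a timed-out or failed request is treated as a failed evaluation, matching the guide's description of the request timeout.

```python
"""Added example: Intune device lookup and SMA-style profile evaluation (assumed mapping)."""
import json
import socket
import urllib.error
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

GRAPH = "https://graph.microsoft.com/v1.0"


def get_token(tenant_id: str, client_id: str, client_secret: str, timeout: float = 15.0) -> str:
    """OAuth2 client-credentials grant for the application registered in Azure AD.
    Real Microsoft identity platform endpoint: needs network access and a valid secret."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=timeout) as resp:
        return json.load(resp)["access_token"]


def fetch_managed_device(token: str, aad_device_id: str, timeout: float = 15.0) -> Optional[dict]:
    """Look up one enrolled device by its Azure AD device ID. Requires the
    DeviceManagementManagedDevices.Read.All application permission with admin consent.
    Assumption: this endpoint accepts a $filter on azureADDeviceId."""
    flt = urllib.parse.quote(f"azureADDeviceId eq '{aad_device_id}'")
    req = urllib.request.Request(
        f"{GRAPH}/deviceManagement/managedDevices?$filter={flt}",
        headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        items = json.load(resp).get("value", [])
    return items[0] if items else None


def _parse_graph_time(value: str) -> datetime:
    """Graph timestamps look like 2024-05-01T08:00:00.1234567Z; drop the 7-digit
    fraction (more than strptime's %f accepts) and parse the rest as UTC."""
    stamp = value.split(".")[0].rstrip("Z")
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def evaluate_profile(device: Optional[dict], profile: dict, now: Optional[datetime] = None):
    """Apply a profile to a Graph managedDevice record; returns (passed, failed_attributes).
    Assumed mapping of the AMC attributes: Managed -> record exists in Intune;
    AAD registered -> azureADRegistered; Compliant -> complianceState == "compliant";
    Last sync -> lastSyncDateTime no older than profile["last_sync_hours"];
    Device owner -> managedDeviceOwnerType; Encrypted -> isEncrypted.
    A missing or unknown field never satisfies a requirement (fail closed)."""
    now = now or datetime.now(timezone.utc)
    failed = []
    if profile.get("managed") and device is None:
        return False, ["managed"]  # not enrolled: nothing else is worth checking
    device = device or {}
    if profile.get("aad_registered") and device.get("azureADRegistered") is not True:
        failed.append("aad_registered")
    if profile.get("compliant") and device.get("complianceState") != "compliant":
        failed.append("compliant")
    max_age = profile.get("last_sync_hours")
    if max_age is not None:
        sync = device.get("lastSyncDateTime")
        if not sync or now - _parse_graph_time(sync) > timedelta(hours=max_age):
            failed.append("last_sync")
    owner = profile.get("device_owner")
    if owner and device.get("managedDeviceOwnerType") != owner:
        failed.append("device_owner")
    if profile.get("encrypted") and device.get("isEncrypted") is not True:
        failed.append("encrypted")
    return not failed, failed


def classify_zone(fetch: Callable[[], Optional[dict]], profile: dict, now=None) -> str:
    """Mirror the outcome the guide describes: a device that satisfies the profile lands
    in the Intune zone; a failed evaluation, including a Graph request that times out or
    errors, falls back to quarantine. Zone names here are illustrative."""
    try:
        device = fetch()
    except (TimeoutError, socket.timeout, urllib.error.URLError):
        return "quarantine"  # request timed out or failed: the evaluation fails
    passed, _ = evaluate_profile(device, profile, now)
    return "intune" if passed else "quarantine"


# Constructed sample record and profile; not captured from a real tenant.
SAMPLE_DEVICE = {
    "id": "00000000-0000-0000-0000-000000000001",
    "deviceName": "WIN-LAPTOP-01",
    "operatingSystem": "Windows",
    "managedDeviceOwnerType": "company",
    "complianceState": "compliant",
    "isEncrypted": True,
    "azureADRegistered": True,
    "lastSyncDateTime": "2024-05-01T08:00:00Z",
}
STRICT_PROFILE = {"managed": True, "aad_registered": True, "compliant": True,
                  "last_sync_hours": 24, "device_owner": "company", "encrypted": True}
NOW = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(classify_zone(lambda: SAMPLE_DEVICE, STRICT_PROFILE, NOW))
    stale = dict(SAMPLE_DEVICE, lastSyncDateTime="2024-04-01T08:00:00Z")
    print(evaluate_profile(stale, STRICT_PROFILE, NOW))
```

To exercise the live path, call get_token with the tenant ID, client ID and client secret from the Azure registration and pass the result to fetch_managed_device; a 403 from Graph at that point almost always means the permission was added but admin consent was not granted, which is exactly what Test Connection in AMC would also surface.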
