Microsoft Intune

Overview

Intune, or Endpoint Manager (endpoint.microsoft.com), is Microsoft's mobile device manager (MDM) and enterprise mobility management (EMM) solution. While several of its prominent features are Windows-specific, it also supports Android devices and is an Android Enterprise Recommended solution.

System Requirements

  • License/Subscription for Microsoft Intune (Endpoint Manager)

  • BlueFletch Portal Access (contact ems@bluefletch.com for more information)

Getting Started with Intune

First, ensure that your Intune environment is ready for Android Enterprise device enrollment and Managed Play Store deployments. To enable these features, you must first link a Managed Google Play account to Intune. Within Intune, navigate from the Home blade to Devices > Enroll Devices > Android Enrollment. For more information, please follow the guide from Microsoft.

2. Enroll Devices with Android Enterprise

Now that the prerequisites for Android Enterprise are complete, create an Enrollment Profile for Android devices. In the same Android Enrollment section in Intune, create an enrollment profile for corporate-owned dedicated devices.

Note: Other enrollment profiles can also be used, but the dedicated device option prevents associating enrolled devices with Azure Active Directory accounts and is ideal for shared-user enterprise Android devices. Please refer to the Microsoft documentation for more information regarding enrollment profiles.

3. Share BlueFletch Apps with Organization's Intune Enterprise

In order to install BlueFletch applications from the Managed Play Store, BlueFletch must first share the apps to your organization. Please reach out to your BlueFletch account manager for this request. The ID that needs to be provided can be found by following this guide from Google.

4. Auto Grant Permissions, Allow Unknown Apps, Allow Access to All Google Play Store Apps

In Intune, navigate to Devices > Android > Configuration Profiles. Click the + Create Profile button. Select "Android Enterprise" as the Platform and "Device Restrictions" as the Profile Type. Click Create. Name the profile “Grant All App Permissions & Allow All Apps” and select Next. Expand the General section and locate Default Permission Policy. Set the value to "Auto grant".

Scroll down and expand the Applications section. Locate Allow Installation from Unknown Sources and, directly below it, Allow access to all apps in Google Play store. Set the value for each to "Allow".

Click Next when those changes have been made.

Note: If your device admin has already designated a standard configuration policy, ensure these two settings have been included.

In the Assignments section, click Add groups and include the group(s) which contain the Android devices intended for BlueFletch app deployment and click Next. For more information on creating groups and adding devices, please refer to this guide from Microsoft.
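A check for the profile built in step 4, added here as an example and not taken from BlueFletch or Microsoft: it reads a device configuration export and reports which profiles carry the three settings above and whether they are assigned beyond specific groups. The property names and values follow the Microsoft Graph beta `androidDeviceOwnerGeneralDeviceConfiguration` resource and are an assumed mapping of the portal settings; the sample export and the group ID are constructed.

```python
import json

# Constructed sample in the shape of a Graph deviceConfigurations export with
# assignments expanded. Not real tenant data.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"@odata.type": "#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration",
   "displayName": "Grant All App Permissions & Allow All Apps",
   "appsDefaultPermissionPolicy": "autoGrant",
   "appsAllowInstallFromUnknownSources": true,
   "playStoreMode": "blockList",
   "assignments": [{"target": {"@odata.type": "#microsoft.graph.allDevicesAssignmentTarget"}}]},
  {"@odata.type": "#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration",
   "displayName": "Baseline restrictions",
   "appsDefaultPermissionPolicy": "prompt",
   "appsAllowInstallFromUnknownSources": false,
   "playStoreMode": "allowList",
   "assignments": [{"target": {"@odata.type": "#microsoft.graph.groupAssignmentTarget",
                               "groupId": "00000000-0000-0000-0000-000000000001"}}]}
]}
""")

PROFILE_TYPE = "#microsoft.graph.androidDeviceOwnerGeneralDeviceConfiguration"
GROUP_TARGET = "#microsoft.graph.groupAssignmentTarget"
BROAD_TARGETS = {"#microsoft.graph.allDevicesAssignmentTarget",
                 "#microsoft.graph.allLicensedUsersAssignmentTarget"}
# Graph property -> value matching the portal choice made in step 4.
# Assumed mapping; confirm it against an export from your own tenant.
STEP4_SETTINGS = {
    "appsDefaultPermissionPolicy": "autoGrant",  # Default Permission Policy: Auto grant
    "appsAllowInstallFromUnknownSources": True,  # unknown sources: Allow
    "playStoreMode": "blockList",                # all Play store apps: Allow
}

def audit_profiles(export):
    """Return one finding per profile that carries any of the step 4 settings."""
    findings = []
    for profile in export.get("value", []):
        enabled = sorted(k for k, v in STEP4_SETTINGS.items() if profile.get(k) == v)
        if profile.get("@odata.type") != PROFILE_TYPE or not enabled:
            continue
        targets = [a.get("target", {}) for a in profile.get("assignments", [])]
        findings.append({
            "profile": profile.get("displayName"),
            "settings": enabled,
            "groups": sorted(t["groupId"] for t in targets
                             if t.get("@odata.type") == GROUP_TARGET and "groupId" in t),
            "broad_scope": any(t.get("@odata.type") in BROAD_TARGETS for t in targets),
        })
    return findings
```

A finding with `broad_scope` set means the profile reaches more than the group(s) of devices intended for BlueFletch app deployment.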

App Deployment

  1. In the Microsoft Intune console, navigate to Apps > Android.

  2. Select Add, and then from the dropdown select "Managed Google Play app". Press Select at the bottom of the page.

  3. Once inside the Google Play iFrame, select the Sync button. This will bring you back to the previous page.

  4. Repeat step 2 above now that your apps have been synchronized, to return to the Google Play Store iFrame.

  5. You should see a list of applications that have been shared with your organization. If you do not see any applications, reach out to your contact at BlueFletch for assistance.

  6. Locate one of the applications that you want to deploy to your devices and click on it. Press the Select button. Press the back button to get back to the list of BlueFletch apps, and then select another one. Repeat this process for all BlueFletch apps that you would like to deploy.

  7. Once you have selected all the apps you would like to import from Google Play, press the Sync button in the top-left corner of the Google Play iFrame. You will be brought back to the Android Apps page of Intune.

  8. Wait a minute or two for the synchronization to complete, and then press the refresh button. You should now see the apps in the Android apps list within Intune.

  9. Click on one of the applications and then select the Properties tab from the left-hand side.

  10. Next to Assignments select Edit.

  11. Add a new "Required" group, user, or device assignment.

  12. Once the assignment has been created, select the Production button underneath where it says tracks. In the window that opens up, select the Tracks dropdown, and put a checkmark next to the latest version available. Note that the production version will remain checked, but this is okay; Intune always deploys the newest version selected.

  13. Once you have selected the latest version, select OK. Add any other assignments you want and then select Review + Save. On the next screen, select Save.

  14. Repeat the above steps 10 through 14 for each of the apps you wish to deploy.

Configuring BlueFletch Apps

  1. Most of the BlueFletch apps are configured using the launcher.json file. This file can be created using the GUI within the BlueFletch Portal under Enterprise Launcher > Configurations (reach out to your BlueFletch contact if you do not have access), or by editing the raw JSON. The available parameters/settings can be found in the Launcher Technical Documentation. Your BlueFletch contact can help you set up this configuration file.

  2. Once you have created a configuration file, you will need to deploy it via an App Configuration Policy.

  3. In Intune, go to Apps > Policy > App Configuration Policies

  4. Select Add > Managed Devices

  5. Enter a name for the policy, select "Android Enterprise", and select "Fully Managed, Dedicated, and Corporate-Owned Work Profile Only". Click on Select App, and select "EMS Launcher", and "OK". Select Next.

  6. Under configuration settings format, select "Use Configuration Designer".

  7. Under where it says "Use the JSON editor to configure the disabled configuration keys.", select the +Add button. Select all three checkboxes, and press OK.

  8. Enter the URL and checksum for the configuration file you wish to deploy to your devices (note that these can be found by pressing the Copy URL and Copy checksum buttons on the Enterprise Launcher configuration you created on the BlueFletch Portal). Enter your BlueFletch Organization ID (which can be found on the BlueFletch Portal under Admin > Organization).

  9. Select Next.

  10. On the following page, assign the app configuration policy to the same group as the EMS Launcher app is deployed to.

  11. Click Next. Click Create.
