BlueFletch Enterprise
  • BlueFletch Enterprise
  • Product Guides
    • BlueFletch Launcher
      • Configurable Layouts
        • Layouts
        • Orientation Options
        • Criteria
        • Widgets
        • Implied Groups
        • Kiosk Mode
        • Persistent Foreground App
        • Password Protected Applications
        • Quick Start Applications Folder
        • Layout Custom Actions
        • Replacement Values
        • Assets Manager
      • Theming
        • Configure Theme
        • Site-Specific Theming
        • Custom Field Display
      • Site Information Service
      • Custom Intents
        • Standard Android Intents
        • Platform Actions
        • Filtering
        • Technical Guide
      • Security and Safety
        • Clear App Data on Logout
        • Application Enabler
        • Disable Packages
        • Key Management
        • NFC Enable/Disable
        • Secure Notifications
        • Wi-Fi UI Settings Enable/Disable
        • Motion Activated Device Lock
        • Unique Login
        • Local Admin Password
        • Device Remote Lock
      • Device Loss Prevention
        • Low Battery Mode
        • Luggage Tag Mode
        • Secure Device Mode
      • Launcher Provider SDK
      • Load Configurations via QR Code Scan
      • Getting Started
      • Technical Guide
      • Release Notes
    • Authentication and SSO
      • Features
        • Secondary Authentication
          • PIN
          • Face Recognition
          • NFC Tag
          • Barcode
          • Alternate Secondary Authentication
      • Technical Guide
        • LDAP
        • AppAuth/OIDC
        • Okta (Session)
        • MSAL
        • ADFS 3.0/2012 Using ADAL
      • Release Notes
    • Support Application
      • Features
        • Events to Splunk
        • Logs to Azure
        • External Configuration Support
        • Application Usage History
        • Generating RxLogger Log Files
      • Technical Guide
        • Event Information
        • Event Examples
      • Support Installer
      • Getting Started
      • Release Notes
    • Device Finder
      • Features
        • Device Details
        • Device Status
        • View Site Devices
      • Technical Guide
      • Getting Started
      • Release Notes
    • Browser
      • Features
        • Custom Scripts
        • FIDO2 / Webauthn Support
        • URL AllowList and BlockList
      • Technical Guide
        • Configuring Browser
        • All Configuration
        • Available Intents
        • APIs and Page Actions
      • Release Notes
    • Chat
      • Features
      • Technical Guide
      • Getting Started
      • Release Notes
    • Playbook Agent
      • Features
      • Getting Started
      • Release Notes
    • Portal
      • Login & Logout
      • Navigation & Account Settings
      • Support Agent
        • Home
        • Device Details
        • Dashboards
        • Cards
        • Event Explorer
        • Reports
      • Enterprise Launcher
        • Creating a Configuration
        • Sending a Notification
        • Managing Sites
      • Playbook MDM
        • Playbooks
        • Plays
        • Devices
        • Deployment Groups
        • Zebra StageNow
      • EMM Console
        • Overview
        • Setup
          • Enroll Org in EMM
          • Policy Management
          • Provisioning
          • Device Management
          • Installing Playbook in EMM
        • Troubleshooting
          • Device Issues
          • Policy Issues
      • Chat Manager
        • Overview
        • Chat Roles
        • Chat Channels
        • Chat Audio Transcription
        • Message Logs
      • Admin
        • Organization
        • Single Sign On
          • Azure Setup
          • Okta Setup
          • Google Workspace Setup
          • Portal Setup
        • Users
        • Roles
          • Overview
          • Predefined Roles
          • Permissions
          • Manage Roles
        • Downloads
        • Agents
        • Key Management
          • Overview
          • API Keys
          • Device Keys
          • Device Restrictions
          • Allowed IP Addresses
        • Enterprise
        • Audit Logs
      • Event Forwarding
      • Remote Control
      • Getting Started
      • Release Notes
    • Other Applications
      • Messaging
        • Features
        • Technical Guide
        • Release Notes
      • Keyboard
        • Features
        • Technical Guide
          • How to: Set Keyboard as default
        • Release Notes
      • Bluetooth
        • Features
        • Release Notes
      • Voice Chat
        • Features
        • Release Notes
      • Device Remote Control
        • Features
        • Technical Guide
        • Release Notes
      • Device ID
        • Features
        • Technical Guide
        • Release Notes
      • Suite Installer
        • Technical Guide
        • Release Notes
      • Accessibility Enabler
        • Release Notes
      • EPM Plugin
        • Features
        • Technical Guide
        • Release Notes
    • Workforce Identity
  • Technical Documentation
    • Updating License Key
    • Commonly Reported Issues
    • Deploying BlueFletch Enterprise
      • Android 10 and 11
      • MDMs
        • Workspace One (VMWare AirWatch)
        • SOTI
        • Microsoft Intune
          • Microsoft Intune + Playbook
      • From Portal to Playbook Agent
Powered by GitBook
On this page
  • Deploying BlueFletch Enterprise via Microsoft Intune (Endpoint Manager) EMM
  • Overview
  • System Requirements
  • Getting Started with Intune
  • Preparing BlueFletch Portal to Integrate with Intune EMM
  • Approving Playbook App in Play Store
  • Assigning Playbook App
  • Creating App Configuration for Playbook
  • Checking for Compliance
  1. Technical Documentation
  2. Deploying BlueFletch Enterprise
  3. MDMs
  4. Microsoft Intune

Microsoft Intune + Playbook

Deploying BlueFletch Enterprise via Microsoft Intune (Endpoint Manager) EMM

Overview

While the most seamless user experience for the BlueFletch Enterprise application suite is device enrollment through BlueFletch's EMM, customers already using Microsoft Intune may prefer to deploy BlueFletch Enterprise to their devices through Intune. The steps below describe the most efficient way to utilize Intune for deploying BlueFletch applications; Intune can install Playbook Agent, BlueFletch's enterprise installer app, from the Managed Google Play Store, and it will serve as the primary tool to install all other BlueFletch apps.

System Requirements

  • License/Subscription for Microsoft Intune (Endpoint Manager)

  • BlueFletch Portal Access (contact ems@bluefletch.com for more information)

  • Zebra Android Device (running Android 6.0+)

Getting Started with Intune

1. Link Managed Play Google Play to Intune

First, ensure that your Intune environment is ready for Android Enterprise device enrollment and Managed Play Store deployments. To enable these features, you must first link a Managed Google Play account to Intune. Within Intune, navigate from the Home blade to Devices > Enroll Devices > Android Enrollment. For more information, please follow the guide from Microsoft.

2. Enroll Devices with Android Enterprise

Now that the prerequisites for Android Enterprise are complete, create an Enrollment Profile for Android devices. In the same Android Enrollment section in Intune, create an enrollment profile for corporate-owned dedicated devices.

Note: Other enrollment profiles can also be used, but the dedicated device option prevents associating enrolled devices with Azure Active Directory accounts and is ideal for shared-user enterprise Android devices. Please refer to the Microsoft documentation for more information regarding enrollment profiles.

3. Share Playbook App with Organization's Intune Enterprise

In order to access the Playbook Agent from the Managed Play Store for approval, BlueFletch must first share the app to your organization. Please reach out to your BlueFletch account manager for this request. The ID that needs to be provided can be found by following this guide from Google.

4. Auto Grant Permissions, Allow Unknown Apps, Allow Access to All Google Play Store Apps

In Intune, navigate to Devices > Android > Configuration Profiles. Click the + Create Profile button. Select "Android Enterprise" as the Platform and "Device Restrictions" as the Profile Type. Click Create. Name the profile “Grant All App Permissions & Allow All Apps” and select Next. Expand the General section and locate Default Permission Policy. Set the value to "Auto grant".

Scroll down and expand the Applications section. Locate Allow Installation from Unknown Sources and, directly below it, Allow access to all apps in Google Play store. Set the value for each to "Allow".

Click Next when those changes have been made.

Note: If your device admin has already designated a standard configuration policy, ensure these two settings have been included.

In the Assignments section, click Add groups and include the group(s) which contain the Zebra Android devices intended for Playbook deployment and click Next. For more information on creating groups and adding devices, please refer to this guide from Microsoft. Review the profile and then click Create when ready to deploy. This will pave the way for Playbook to automatically run and not require any user prompt acceptance/input.

Preparing BlueFletch Portal to Integrate with Intune EMM

1. Build Plays

Please refer to this guide for creating plays. Plays represent each single action in the process of Playbook Agent deploying BlueFletch Enterprise onto a device, such as downloading a file, installing an application, or invoking an intent.

2. Build Playbooks

Please refer to this guide for creating playbooks. Playbooks represent groups of plays. The Playbook Agent application uses playbooks to keep a device compliant with changes applied by a device admin.

3. Build Deployment Groups

Please refer to this guide for creating deployment groups. A deployment group is used to assign a playbook to a group of devices. A deployment group could represent a region or a single store.

Approving Playbook App in Play Store

After your BlueFletch account manager has confirmed Playbook has been shared to your organization (see Step 3 from Getting Started with Intune), navigate in Intune to Apps > Android. Click the + Add button. For App type, select "Managed Google Play app" and press Select. When the Google Play Stores opens, search for “BlueFletch” (quotation marks included). The Playbook Agent application should be shared with your organization. Reach out to your BlueFletch contact if it is not.

Click the Playbook icon and then click Approve.

On the pop-up for Permissions, click Approve.

Click Done with the radio button set to “Keep approved when app requests new permissions”.

Finally, click Select and then click Sync to return to the Apps list. Refreshing Apps should display Playbook, but there is often a delay; waiting 1-3 minutes may be required.

Assigning Playbook App

Once the Playbook app is approved for Intune, it must be assigned to a group so that it will show up on devices. Navigate to Apps > Android and select Playbook from the list. Select Properties and click the Edit button next to Assignments.

Under Required, click + Add group and select the group or groups that have the Zebra Android devices intended for Playbook deployment, the same group(s) selected in Step 4 of Getting Started with Intune. Make sure Group mode is "Included".

Press Review + save to review changes and then Save to apply.

Creating App Configuration for Playbook

To link the Playbook app to your BlueFletch Enterprise organization and deployment group, you must create an app configuration policy in Intune. Go to Apps blade and select App configuration policies.

Click + Add and select "Managed devices". Name the policy. Select "Android Enterprise" as the platform and "Fully Managed, Dedicated, and Corporate-Owned Work Profile Only" as the profile type. Select Playbook as the targetted app from the Associated app pane, and press OK and then Next to continue.

On Settings page, select "Use configuration designer" for the configuration settings format and click + Add. Select both available fields, "Organization Id" and "Deployment Group Id," from the side pane.

Leave the value type as String, and edit the configuration values to match your company's BlueFletch Enterprise Organization Id and Deployment Group Id. Press Next to continue to Assignments page, and click Add groups button from under Included groups. Select the group(s) that contain all Zebra Android devices (again, same groups as in Step 4 of Getting Started with Intune). Press Next to review and Create to save the policy.

Checking for Compliance

An admin can monitor the compliance of the device in Intune and in the BlueFletch Portal.

Intune monitors if a device conforms to its device compliance policies, has successfully installed all apps, and successfully applied device and app configuration profiles. To view these statuses, navigate to Devices > Android > Android devices. On the device list, each device will have a Compliance column, which correlates to the state of its device compliance profile.

Click on a device for more details. Under Monitor, the blades that track compliance are Device compliance, Device configuration, App configuration, and Managed Apps. Device compliance displays the compliance policy or policies on that device and their state, which may be "Compliant", "Not Compliant", or "Not Evaluated". Device configuration displays the configuration(s) that pertain to the device and whether the device successfully implemented them.

App configuration displays any configuration profiles that have been applied to the device, such as setting the Deployment Group ID and Organization ID for Playbook, as described above, and whether it was successfully applied to the device. Managed Apps displays all the Managed Google Play Store apps available for the device to install and the current installation status of each.

The BlueFletch Portal monitors if a device has successfully run all the plays in its assigned playbook. An admin can view this in Playbook MDM under the Devices subtab.

PreviousMicrosoft IntuneNextFrom Portal to Playbook Agent

Last updated 10 months ago

Grant Permissions
Allow Apps
Assign Groups
App Configuration Policy
App Configuration Settings
Compliance Androids
Compliance Device Config
Compliance Managed Apps