When companies want to make mobile apps available to their workforce, they need to add the application to Intune, and Intune can then deliver the application to the Company Portal for users to get hold of. The device can be iOS, Android and Windows 10. Client applications come in many forms, such as line-of-business (LOB), web, built-in or Store for Business applications.
In this scenario a bring your own device (BYOD) Android device will be presented with a custom web link and Microsoft Word from the Company Portal. We will also protect Microsoft Word with an app protection policy.
Important: When we talk about enrollment and management of Android devices, there are some prerequisites that must be met. First set up and “link your managed Google Play account to Intune”:
Note: Follow this guideline for setting up the Google Play account with Intune -> https://docs.microsoft.com/en-us/intune/connect-intune-android-enterprise
Note: In this test lab we are aiming to use the enrolled device type for the management part. Bring your own device (BYOD) with enrollment: the join type in Azure Active Directory (AAD) will be Azure registered.
Important notes: In this scenario the groups that we use for assignments contain only users, not devices. We are also going for “Devices enrolled with Intune” for the management part, as mentioned before. The following table lists the various options for assigning apps to users and devices:
| Clouddeployment | Devices enrolled with Intune | Devices not enrolled with Intune |
|---|---|---|
| Assign to users | Yes | Yes |
| Assign to devices | Yes | No |
| Assign wrapped apps or apps that incorporate the Intune SDK (for app protection policies) | Yes | Yes |
| Assign apps as Available | Yes | Yes |
| Assign apps as Required | Yes | No |
| Receive app updates from Intune | Yes | No |
| End users install available apps from the Company Portal app | Yes | No |
| End users install available apps from the web-based Company Portal | Yes | Yes |
Note: Remember that the Company Portal can also be downloaded to iOS and Windows devices. Again, we are using an Android device for testing. Remember that it is also required that a Microsoft account is used to log in to Microsoft Store for Business to be able to download the Company Portal.
Note: As mentioned earlier, in this scenario we are making an app protection policy for Microsoft Word only. We also selected all app types; see the available types:
Note: Now Microsoft Word is protected by the app protection policy, and data loss is less likely.
Note: Remember, as Intune service admin or global admin, the management possibilities from the Intune or Azure portals: