How to prepare your LOB app for Intune?
December 10, 2016
One of the aspects of Intune I struggled with was wrapping an LOB app. At first cut, it feels like just wrapping the app is enough. But you need to understand some subtle architectural aspects to get your wrapping right.
App features
To get started, let's start with the app's features.
- App uses Azure AD authentication
- App is a hybrid app and uses Cordova (supports iOS and Android)
- App communicates with SharePoint Online (via REST) and is set up as an Azure AD native application. Thus, conditional access is involved here.
- "Send logs via email" - this feature is important, as wrapping the application will restrict the email/data sharing capabilities based on the policy
There are two ways to make the app Intune-aware:
- Using the Intune App Wrapping Tool
- Using the Cordova plugin (Intune SDK)
When it came to the Intune SDK, the integration experience was better. If you look at the feature comparison, the SDK has a little more to offer. But I suggest you weigh your options based on the checklist provided in the article.
There are two ways you can configure this.
- Pure MAM (configured in the Azure portal)
- MAM with MDM (configured in the Intune portal, manage.microsoft.com)
- Always install the ADAL plugin and the Intune MAM plugin separately, one after the other:
  - cordova plugin add cordova-plugin-ms-adal
  - cordova plugin add cordova-plugin-ms-intune-mam
- For Android, I couldn't find a way to wrap the application using Android Studio. I had to do it the Cordova CLI way ("cordova build").
- Don't update Gradle from 2.2.1 to 2.14.1. It ran me into multiple issues. Refer to https://developer.android.com/studio/releases/gradle-plugin.html#updating-gradle for more details.
- The bug is listed at https://github.com/AzureAD/azure-activedirectory-library-for-android/issues/724. The bug should be fixed in Android Studio 2.3. I was using Android Studio 2.2.1.
- Finally, the error looks like this: "com.microsoft.aad.adal.AuthenticationCallback"'s signer information does not match signer information of other classes in the same package
- Another issue is that the Intune plugin conflicts with an already existing push notification plugin on Android (duplicate C2D_MESSAGE permission at install time): http://stackoverflow.com/questions/27043933/install-failed-duplicate-permission-c2d-message
- One important aspect is to set up your keystore for signing the Android APK. Please follow the instructions at https://docs.microsoft.com/en-us/intune/develop/intune-app-sdk-cordova#how-to-build-the-plugin-into-your-android-app
- If you need to reinstall the plugin for some reason, always remove and re-add the iOS platform. It will solve a lot of issues.
  - cordova platform remove ios
  - cordova platform add ios
- If you are facing build issues, it means you have NOT installed the ADAL and Intune MAM plugins one after another. In Xcode, navigate to the target's Build Settings, find Other Linker Flags, and try removing some of the -force_load parameters.
- Please read https://docs.microsoft.com/en-us/intune/deploy-use/use-apps-with-mam-ca to understand how it actually works.
- Android works with the Company Portal app alone. iOS needs both the Azure Authenticator app and the Company Portal app to make it work.
Android (app identifier: com.jda.internal.mytestapp)
- Microsoft.ADAL.AuthenticationSettings.setUseBroker(true) works only on Android. iOS doesn't need this; iOS works with URI schemes to get things done.
- The next step is to prepare a redirect URI. The modified full code is at https://gist.github.com/pradeepkumargali/70322dd0270e386f98686674fdbb10af .
- The command referenced above gives you the Base64UrlencodedSignature, but the actual redirect URL will look like msauth://com.jda.internal.mytestapp/ga0RGNYHvNM5d0SLGQfpQWAPGJ8=
- If your URL is not right, check your JS console. The error states right there which URL should be configured as the Azure AD redirect URI.
iOS
- There is nothing that needs to be done at the app level for iOS. But make sure you have the Azure Authenticator app on the device along with the Company Portal app. Otherwise, the app will redirect ADAL to the O365 login page and ask you to enroll. Once you click enroll, it takes you to the Company Portal, which errors that the app is not set up in the Intune portal.
- The redirect URI must still be configured as an Azure AD redirect URI.
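The Android redirect URI above is derived from the signing certificate, which is why the keystore setup and the "which URL should be configured" console error are tied together: the registered value must match the hash of the certificate that actually signs the APK (a debug-keystore hash will not match a release-signed build). The following is an added example, not code from the post or its gist. It assumes that the signature part is the standard base64 of the SHA-1 digest of the DER certificate that keytool -exportcert prints (the same value the documented keytool | openssl sha1 -binary | openssl base64 pipeline produces), that the URI layout is msauth://<package>/<signature> as shown in the post, and that the base64 characters '+', '/' and '=' are percent-encoded inside the URI as in the ADAL documentation (url_encode=False reproduces the raw form the post shows). The certificate bytes are constructed placeholders; the package name is the one from the post.

```python
import base64
import hashlib
from urllib.parse import quote, unquote

# Package name from the post. The certificate byte strings are CONSTRUCTED
# placeholders standing in for the DER certificate that `keytool -exportcert`
# prints for the release and debug keystores.
PACKAGE_NAME = "com.jda.internal.mytestapp"
FAKE_RELEASE_CERT_DER = b"constructed-release-signing-cert-bytes"
FAKE_DEBUG_CERT_DER = b"constructed-debug-signing-cert-bytes"

PREFIX = "msauth://"


def signature_hash(cert_der: bytes) -> str:
    """SHA-1 of the DER certificate, standard base64 (28 chars, '=' padded).

    Equivalent to: keytool -exportcert ... | openssl sha1 -binary | openssl base64
    """
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode("ascii")


def redirect_uri(package_name: str, cert_der: bytes, url_encode: bool = True) -> str:
    """Build msauth://<package>/<signature> for the ADAL Android broker.

    The base64 hash can contain '+', '/' and '='; with url_encode=True those are
    percent-encoded inside the path, with url_encode=False the raw value is used.
    """
    sig = signature_hash(cert_der)
    return f"{PREFIX}{package_name}/{quote(sig, safe='') if url_encode else sig}"


def parse_redirect_uri(uri: str) -> tuple[str, str]:
    """Split an msauth URI into (package, decoded signature), so a value copied
    from the Azure AD portal or from the JS console error can be compared."""
    if not uri.startswith(PREFIX):
        raise ValueError(f"not an msauth redirect URI: {uri!r}")
    # The package name never contains '/', so the first '/' ends it even when
    # an unencoded base64 signature itself contains '/'.
    package, sep, sig = uri[len(PREFIX):].partition("/")
    if not sep or not package or not sig:
        raise ValueError(f"malformed msauth redirect URI: {uri!r}")
    sig = unquote(sig)
    if len(base64.b64decode(sig, validate=True)) != 20:
        raise ValueError("signature is not a base64-encoded SHA-1 digest")
    return package, sig


def check_configured(configured_uri: str, package_name: str, cert_der: bytes) -> list[str]:
    """Compare what is registered in Azure AD with what the signing certificate
    requires. Returns a list of problems; an empty list means they agree."""
    try:
        package, sig = parse_redirect_uri(configured_uri)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if package != package_name:
        problems.append(f"package mismatch: configured {package!r}, app is {package_name!r}")
    expected = signature_hash(cert_der)
    if sig != expected:
        problems.append(
            f"signature mismatch: configured {sig}, signing cert gives {expected} "
            "(debug vs release keystore?)"
        )
    return problems


if __name__ == "__main__":
    uri = redirect_uri(PACKAGE_NAME, FAKE_RELEASE_CERT_DER)
    print("register in Azure AD:", uri)
    # A URI built from the debug keystore will not match a release-signed APK.
    for problem in check_configured(redirect_uri(PACKAGE_NAME, FAKE_DEBUG_CERT_DER),
                                    PACKAGE_NAME, FAKE_RELEASE_CERT_DER):
        print("problem:", problem)
```

In practice, replace the placeholder bytes with the output of keytool -exportcert for the keystore from the signing setup step; running check_configured against the URI copied from the portal tells you whether the failing piece is the package name, the certificate (typically a debug build checked against a release hash), or a badly formed URI.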