Integrate MicroStrategy Mobile for iOS with Microsoft Intune

You can use the Microsoft Intune platform to add an extra layer of security to iPhones and iPads that are running MicroStrategy Mobile. Instructions for integrating MicroStrategy Mobile with Intune are provided below. Please note that this covers integrating the MicroStrategy Mobile SDK (also known as the AppConfig version of the apps) for Intune or the apps directly from the iTunes store.

• Prerequisites
• Setting up the Intune environment
• Optionally, enabling Integrated Authentication for Azure AD single sign-on

You can choose the level of security that you want Intune to apply using the Data Loss Prevention when creating App Configuration Policies. For detailed information, refer to your Intune documentation.

• You can enable Data Loss Prevention to protect sensitive data in applications. When you enable this setting, some features are automatically disabled, but you can separately control other actions that involve transmitting data back and forth such as copying and pasting, printing, and taking pictures.
• When you do not enable Data Loss Prevention, you can perform almost every out-of-the-box MicroStrategy Mobile data transfer.

The level of security you choose is determined by the stringency of the security requirements in your environment versus the need for less restrictive data transfer.

Prerequisites

The following are required to deploy the MicroStrategy Mobile application with Intune support.

• Your organization must be enrolled in the iOS Developer Enterprise Program. For information about this program, visit the iOS Developer web site.  
• See What's New in the Mobile SDK for iOS for the Xcode and Apple iOS SDK versions you need to use to develop and compile your application. Previous versions can be downloaded from the Apple Download site.
• You must create a wildcard App ID for your application, using the iOS Provisioning Portal. A wildcard App ID is of the form [BundleSeedID].*, where:  
  • BundleSeedID is an alphanumeric code that is generated by Apple when you create the App ID.  
  • The asterisk (*) is a placeholder for the Bundle Identifier of the App ID. The Bundle Identifier is used by iOS to identify the application on your device. You set the value of the Bundle Identifier property in the property list file of your Xcode project. You replace the value of the asterisk (*) with an appropriate string using reverse-DNS format, com.yourCompanyName.YourAppName. For example, we use the default value—com.microstrategy.iPad for an iPad app or com.microstrategy.MSTRMobile for an iPhone app—to integrate with Intune.

  Intune allows customers to upload their mobile applications via their Intune Console or select apps directly from the Apple App Store. There is no need to set up a local app or web server.

Setting up the Intune environment

To set up your Intune environment so users can install the MicroStrategy Mobile application with Intune support on their mobile devices, perform the administrative tasks listed below. For a detailed explanation of how to perform these tasks, refer to the Intune Mobile Application Management Guide.

1. Register yourself on Intune.
2. Distribute the app:
   1. Using the Apple App Store.

      Intune can support both public and internal apps. In Intune, public apps are described as iOS store apps, which are downloaded from the App Store.

      For instructions, see Add the iOS store apps to Microsoft Intune.

   2. Using an .ipa file.

      Internal app (the. ipa build from our DMG) is described as an iOS line-of-business app, which is uploaded by your administrator.

      Once the app is distributed, you can find it in the Apps section of Company Portal on your device. You can choose to install the app on your device.

      For instructions, see Add an iOS line-of-business app to Microsoft Intune.

3. Set security policies and configurations within the Intune Console, depending on your requirements.

   In Intune, you can create configurations and restrictions with App configuration policies and assign them to an app and user groups. For iOS, the configurations can be set for apps from both the App Store or from an uploaded .ipa file. The configurations can be set via an XML preference file or by the key-value configuration editor available in Intune.

   To set your configurations using the key-value configuration editor available in Intune:

   1. In Intune, choose the Client apps workload.
   2. Choose App configuration policies in the Manage group, and choose Add.
   3. Set the following details:
      • Name - The name of the profile that appears in the Azure portal.
      • Description - The description of the profile that appears in the Azure portal.
      • Device enrollment type - Choose Managed devices for devices that have been enrolled in Intune.

   4. Select iOS for Platform.

   5. Choose Associated app. Then, on the Associated app pane, choose the managed app to which you want to apply the configuration and select OK.

   6. On the Add configuration policy pane, choose Configuration settings.

   7. Select Use configuration designer from the Configuration setting format drop-down.

   8. Enter key-value pairs to enable certain functionality. Note that the iOS Configurations are in XML format, it is not possible to include '&' in a string property.

      

      If you want to configure the ConfigurationURL to make the app apply it during the first launch, use an XML format configuration file instead of the key-value configuration editor. To use an & in a string property, enter &

      For example

      <dict>
      <key>ConfigurationURL</key>
      <string>mstr://?url=http%3A%2F%2Fdevce-ctc-1.labs.microstrategy.com%3A80%2FMicroStrategyMobile%2Fasp%2FTaskProc.aspx%3FtaskId%3DgetMobileConfiguration%26taskEnv%3Dxml%26taskContentType%3Dxmlanf%26configurationID%3D1f6fdc00-f228-44a7-bfbb-848531f46e84&amp;authMode=1&amp;dt=2</string>
      </dict>
      

      When the app is downloaded on a device, the configurations are loaded from a managed configuration in NSUserDefaults, the same as when using the AppConfig app with any of the certified AppConfig vendors. These values will pre-configure and control the behavior of the app. For more information, see Add app configuration policies for managed iOS devices.

4. Add the users and devices in your organization that are allowed to use the mobile application.

   1. In Intune, select Client Apps.
   2. In the Manage section, select Apps. Select the app you want to assign.
   3. In the Manage section, select Assignments.

      

   4. Select Add Group to open the Add group pane that is related to the app.

   5. For the specific app, select an assignment type:

      1. Available for enrolled devices: Assign the app to groups of users who can install the app from the Company Portal app or website.
      2. Available with or without enrollment: Assign this app to groups of users whose devices are not enrolled with Intune. Users must be assigned an Intune license.
      3. Required: The app is installed on devices in the selected groups. Some platforms may have additional prompts for the end user to acknowledge before app installation begins.

      4. Uninstall: The app is uninstalled from devices in the selected groups if Intune has previously installed the application onto the device via an "Available for enrolled devices" or "Required" assignment using the same deployment. Web links cannot be removed after deployment.

         If you have created an iOS VPN profile that contains per-app VPN settings, you can select the VPN profile under VPN. When the app is run, the VPN connection is opened.

   6. Once the app is assigned, you can find and download it in the Apps section of Company Portal.

      For more information, see Assign apps to groups with Microsoft Intune.

5. Install the Intune Company Portal on your device.

   In order to use the MicroStrategy Mobile app with Intune, the Intune Company Portal must be downloaded from the Apple App Store on each device where the app is deployed. Upon logging into Intune, users may be prompted to enable a Management profile on the device so that the MicroStrategy app can be managed by Intune.

   After installation, you are redirected to the Company Portal. For more information, see Enroll iOS devices in Intune.

6. Configure Per-App VPN.

   For information, see Create VPN profiles in Intune.

Optionally, enabling Integrated Authentication for Azure AD single sign-on

For information, see KB483178.