Publishing the WorkZone Mobile Android app on Microsoft Intune (Azure Portal)

Prerequisites:  

  • Internal domain users are synced to Azure Active Directory and user groups with access to WorkZone Mobile exist.
  • Conditional access policies are created. See Set up security and access from mobile devices.
  • Intune is set up so that mobile devices are managed and the devices are marked as "in compliance" by Intune.
  • Managed Google Play account must be synchronized:

Log in to the Microsoft Azure portal.


Add Microsoft Authenticator, Intune Managed Browser, and the Microsoft Office apps

Optionally, you can add the Microsoft Authenticator app, the Intune Managed Browser app, and a number of Microsoft Office apps to improve user experience with the WorkZone Mobile application.

  1. Go to Microsoft Intune.
  2. Click Client apps > Apps.
  3. Click Add. In the App type field, select Store app > Managed Google Play.
  4. Click Managed Google Play / Approve in the menu.
  5. Enter Microsoft Authenticator in the search field and select Microsoft Authenticator among the available options.
  6. Click Select and then click Add.
  7. Enter Intune Managed Browser in the search field and select the application.
  8. Click Select and then click Add.
  9. Enter Microsoft in the search field and select the applications that you want to add.
  10. Click Select and then click Add.


Add the WorkZone Mobile app

  1. Go to Microsoft Intune.
  2. Click Client apps > Apps.
  3. Click Add. In the App type field, select Store app > Managed Google Play.
  4. Click Managed Google Play in the menu.
  5. Enter WorkZone in the search field and select WorkZone published by KMD A/S.
  6. Click Approve.
  7. Click Approve.
  8. Select the following setting and click Save.
  9. Click OK.
  10. Click the Sync button.
  11. Click Assignments. Select Selected groups in the Assign to list. Click Select groups to include and select EMS_Licensed_Users. Click Select and then Save.


Create an App configuration policy for Android

WorkZone Mobile supports pushing certain connection settings to the mobile devices through Intune. This is done by creating an app configuration policy and assigning the policy to the app users.

  1. In Intune, click Client apps > App configuration policies.
  2. Click Add, and fill in the required information (see an example below). In the Associated app, select the WorkZone. Click OK.

3. Click Configuration settings and select Enter JSON data in the Configuration settings format list. Adjust your data.

{

"kind": "androidenterprise#managedConfiguration",

"productId": "app:dk.kmd.workzone",

"managedProperty": [

{

"key": "mamserverurl",

"valueString": "[URL to your WorkZone server]"

},

{

"key": "mamredirecturi",

"valueString": "msauth://dk.kmd.workzone/XXXXXXXXXXXXXXX"

},

{

"key": "mamclientid",

"valueString": "[ClientID]"

},

{

"key": "mamuserprincipalname",

"valueString": "{{userprincipalname}}"

}

]

}

 

  • You can find the ClientID under Azure Active Directory > App registrations > [Name of your Workzone Mobile Native app] where it is called Application (client) ID.
  • It is recommended to copy the exact value of the Redirect URI from the Native API.

Example:

4. Click OK.

5. Click Add.

6. Click Assignments. Select Selected groups in the Assign to list. Click Select groups to include and select EMS_Licensed_Users. Click Select and then Save.