Publishing the WorkZone Mobile iOS app on Microsoft Intune (Azure Portal)
Prerequisite:
- Internal domain users are synced to Azure Active Directory and user groups with access to WorkZone Mobile exist.
- Conditional access policies are created. See Set up security and access from mobile devices.
- Intune is set up so that mobile devices are managed and the devices are marked as "in compliance" by Intune.
Log in to the Microsoft Azure portal.
Add the Microsoft Authenticator app
Publish the Microsoft Authenticator app to make it available on the Company Portal. Users can then easily download it and use to log in to WorkZone.
- Go to Microsoft Intune.
- Click Client apps > Apps.
- Click Add. In the App type field, select Store app > iOS.
- Click Search the App Store.
- Enter Microsoft Authenticator in the search field and select Microsoft Authenticator among the available options.
- Click Select and then click Add.
- Click Assignments, and select the Azure Active Directory groups or users who should get WorkZone Mobile in their Company Portal.
- Click Save.
Add the Intune Managed Browser app and the Microsoft Office apps
Optionally, you can add the Intune Managed Browser app and a number of Microsoft Office apps to improve user experience with the WorkZone Mobile application.
- Go to Microsoft Intune.
- Click Client apps > Apps.
- Click Add. In the App type field, select Store app > iOS.
- Click Search the App Store.
- Enter Intune Managed Browser in the search field and select the application.
- Click Select and then click Add.
- Enter Microsoft in the search field and select the applications that you want to add.
- Click Select and then click Add.
- Go to Microsoft Intune.
- Click Client apps > Apps.
- Click Add. In the App type field, select Store app > iOS.
- Click Search the App Store.
- Select Denmark among countries and type "WorkZone for Intune" in the search field. Search for WorkZone for Intune and select KMD WorkZone for Intune published by KMD A/S, and click OK.
- Click Select and then click Add.
- Click Assignments, and select the Azure Active Directory groups or users who should get WorkZone Mobile in their Company Portal.
- Click Save.
Create an App configuration policy for iOS
WorkZone Mobile supports pushing certain connection settings to the mobile devices through Intune. This is done by creating an app configuration policy and assign the policy to the app users.
- In Intune, click Client apps > App configuration policies.
- Click Add, and fill in the required information. See an example below.
- Select Managed devices in the Device enrollment type field.
- Select iOS in the Platform field.
- Click Associated app, and select the WorkZone Mobile app that you just created.
- Click OK.
- Click Configuration settings and select Enter XML data in the Configuration settings format field.
- Copy and paste the code below.
- It is recommended to copy the exact value of Redirect URI from the Native API.
- You can find the
ClientID
under Azure Active Directory > App registrations > [Name of your Workzone Mobile Native app] where it is called Application ID.
<dict>
<key>mamserverurl</key>
<string>[URL to your WorkZone server]</string>
<key>mamredirecturi</key>
<string>[Redirect URI of the native WorkZone app]</string>
<key>mamclientid</key>
<string>[ClientID]</string>
<key>mamuserprincipalname</key>
<string>{{userprincipalname}}</string>
</dict>
Where you need to replace the URLs
and ClientID
with the ones from your environment.
Tip:
- When you have completed the setup, click OK.
- Click Add or Save to apply the policy.
- Click Assignments. Select Selected groups in the Assign to list. Click Select groups to include and select EMS_Licensed_Users. Click Select and then Save.