Publishing the WorkZone Mobile (New) for iOS on Microsoft Intune (Azure Portal)

Prerequisite:

  • Internal domain users are synced to Entra ID and user groups with access to WorkZone Mobile (New) exist.
  • Conditional access policies are created. See Set up security and access from mobile devices.
  • Intune is set up so that mobile devices are managed and the devices are marked as "in compliance" by Intune.

Log in to the Microsoft Azure portal.

Add the Microsoft Authenticator app

Publish the Microsoft Authenticator app to make it available on the company portal. Users can then easily download it and use to log in to WorkZone.

  1. Go to Microsoft Intune.
  2. Click Apps > Platforms > iOS/iPadOS.
  3. Click Create.
  4. In the App type field, select iOS store app and click Select.
  5. Click Search the App Store.
  6. Enter Microsoft Authenticator in the search field and select Microsoft Authenticator among the available options.
  7. Click Select > Add.
  8. Click Assignments, and select the Entra ID groups or users who should get WorkZone Mobile (New) in their company portal.
  9. Click Save.

Add the Intune Managed Browser app and the Microsoft Office apps

Optionally, you can add the Intune Managed Browser app and a number of Microsoft Office apps to improve user experience with the WorkZone Mobile (New).

  1. Go to Microsoft Intune.
  2. Click Apps > Platforms > iOS/iPadOS.
  3. Click Create.
  4. In the App type field, select iOS store app and click Select.
  5. Click Search the App Store.
  6. Enter Intune Managed Browser in the search field and select the application.
  7. Click Select > Add.
  8. Click Assignments, and select the Entra ID groups or users who should get WorkZone Mobile (New) app in their company portal.
  9. Click Select > Add.

Add the WorkZone Mobile (New) app

  1. Go to Microsoft Intune.
  2. Click Apps > Platforms > iOS/iPadOS.
  3. Click Create.
  4. In the App type field, select iOS store app and click Select.
  5. Click Search the App Store.
  6. Select Denmark among countries and type "KMD WorkZone Intune" in the search field. Select KMD WorkZone Intune published by KMD A/S, and click OK.
  7. Click Select > Add.
  8. Click Assignments, and select the Entra ID groups or users who should get WorkZone Mobile (New) in their company portal.
  9. Click Save.

Create an app configuration policy for iOS

WorkZone Mobile (New) supports pushing certain connection settings to the mobile devices through Intune. This is done by creating an app configuration policy and assign the policy to the app users.

  1. In Intune, click Apps > Managed apps > Configuration.
  2. Click Create, and fill in the required information. See example below.
    • Device enrollment type: Managed devices.
    • Platform: iOS.
    • Target app: Click Select app, and select the KMD WorkZone Intune app that you have just created.
  3. Click OK.
  4. Click Configuration settings and select Enter XML data in the Configuration settings format field.
  5. Copy and paste the code below, replacing the URLs and ClientID with values from your environment:

    <dict>

    <key>mamserverurl</key>

    <string>[URL to your WorkZone server]</string>

    <key>mamredirecturi</key>

    <string>msauth.dk.kmd.kmd-workzone.intune://auth</string>

    <key>mamclientid</key>

    <string>[ClientID]</string>

    <key>mamuserprincipalname</key>

    <string>{{userprincipalname}}</string>

    <key>IntuneMAMUPN</key>

    <string>{{userprincipalname}}</string>

    <key>IntuneMAMOID</key>

    <string>{{userid}}</string>

    <key>IntuneMAMDeviceID</key>

    <string>{{deviceID}}</string>

    </dict>

    Tip:

    You can find the ClientID based on the Azure Configuration (Single app registration or Enterprise application registration) in your environment:

    • Single app registration: Under Azure Active Directory > App registrations > [Name of your WorkZone Mobile (New) app] where it is called Application (client) ID.

      For the detailed steps, see Microsoft article Register an application with the Microsoft identity platform.

    • Enterprise application registration: Under Azure Active Directory > Enterprise applications > [Name of your WorkZone Mobile (New) app] where it is called Application (client) ID.

      For the detailed steps, see Microsoft article Add an enterprise application.

  6. When you have completed the setup, click OK.
  7. Click Add or Save to apply the policy.
  8. Click Assignments.
  9. Select Selected groups in the Assign to list.
  10. Click Select groups to include, and select EMS_Licensed_Users.
  11. Click Select > Save.