Set up security and access from mobile devices
To secure access to the web services used by the WorkZone Mobile (New) app, it is recommended to configure conditional access so that only compliant mobile devices are allowed to connect.
Log in to the Microsoft Azure portal.
Create a new policy
- Click Azure Active Directory on the menu.
- Under Security, click Protect > Conditional Access > Create new policy.
- Type a name for the policy into the Name field. For example, Check_for_device_Compliance.
- Under Assignments, click Users and groups.
- On the Include tab, click All users > Done. This ensures that all users will be checked.
- Click Target resources and select Resources from the dropdown.
- On the Include tab, click Select resources.
- Click Select to expand the list of applications. Select the WorkZone Mobile (New) app that you have created earlier.
- Click Select.
- Click Conditions > Device platforms > Yes to enable Configure.
- Select Any device > Done. This ensures that all platforms will be checked.
- Click Locations > Yes to enable Configure.
- On the Include tab, click Any location > Done. This ensures that all locations will be checked.
- Click Client apps > Yes to enable Configure.
- Select the Browser, Mobile apps and desktop clients, Exchange ActiveSync clients and Other clients checkboxes.
- Click Done.
- Under Access controls, click Grant > Grant access.
- Select the Require multi-factor authentication and Require device to be marked as compliant options.
- In the For multiple controls section, select Require one of the selected controls. With this setting, a sign-in that satisfies either control is granted access; Require all the selected controls enforces both.
- Click Select.
- Click On to enable the policy, and then Create. The created policy now appears as Enabled.
For more information about configuring a conditional access policy, see the Microsoft article Learn about Conditional Access and Intune.
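The same policy expressed as a Microsoft Graph conditionalAccessPolicy body, as an added example rather than code from the WorkZone documentation. The application id is a placeholder, and audit_policy is a hypothetical helper that flags the cases in which an exported policy would not actually require a compliant device.

```python
import json

# Constructed placeholder: replace with the application (client) id of the
# WorkZone Mobile (New) app registration created earlier.
WORKZONE_MOBILE_APP_ID = "00000000-0000-0000-0000-000000000000"


def build_policy(app_id: str, require_all: bool = False) -> dict:
    """Policy body for POST /identity/conditionalAccess/policies (Graph v1.0)."""
    return {
        "displayName": "Check_for_device_Compliance",
        "state": "enabled",                       # 'Click On to enable the policy'
        "conditions": {
            "users": {"includeUsers": ["All"]},   # All users
            "applications": {"includeApplications": [app_id]},
            "platforms": {"includePlatforms": ["all"]},   # Any device
            "locations": {"includeLocations": ["All"]},   # Any location
            "clientAppTypes": ["browser", "mobileAppsAndDesktopClients",
                               "exchangeActiveSync", "other"],
        },
        "grantControls": {
            # OR = 'Require one of the selected controls', AND = 'Require all'
            "operator": "AND" if require_all else "OR",
            "builtInControls": ["mfa", "compliantDevice"],
        },
    }


def audit_policy(policy: dict) -> list:
    """Return findings for a policy body as exported from Graph; [] means none."""
    findings = []
    if policy.get("state") != "enabled":
        findings.append("policy is not enabled, so it is not enforced")
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls") or [])
    if "compliantDevice" not in controls:
        findings.append("compliantDevice is not among the grant controls")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        findings.append("operator is OR: a non-compliant device is still granted "
                        "access when it satisfies another control such as MFA")
    return findings


if __name__ == "__main__":
    print(json.dumps(build_policy(WORKZONE_MOBILE_APP_ID), indent=2))
    for finding in audit_policy(build_policy(WORKZONE_MOBILE_APP_ID)):
        print("finding:", finding)
```

Run the audit against a policy fetched from GET /identity/conditionalAccess/policies to confirm that what is deployed matches what the steps above intend.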
Create an app protection policy
Optionally, you can create an app protection policy for your KMD WorkZone Intune app. App protection policies (APP) are rules that ensure an organization's data remains safe or contained in a managed app. These policies allow you to control how data is accessed and shared by other apps on mobile devices. For example, with an app protection policy, you can:
- Require a PIN or fingerprint to access WorkZone on a mobile device
- Prevent users from copying and pasting WorkZone data into personal apps
- Restrict access to WorkZone data to only approved apps
Intune MAM
Intune MAM (or Mobile Application Management) is a feature in Microsoft Intune that allows organizations to secure corporate data within applications, even on devices that aren't managed by the organization (MDM).
Intune MAM protects corporate data on unmanaged devices: users can work from personal devices without full device management, because access and data sharing are controlled within the specific apps.
See the Microsoft article App protection policies overview for detailed information.