Elements Mobile Protection Android app with Microsoft Intune MDM

A collection of short easy steps to get started in taking the product into use

Follow the steps below to deploy the WithSecure Elements Mobile Protection app with Microsoft Intune MDM to Android devices.

Step 1: Adding the Android app to Microsoft Intune MDM

Step 1 - Adding the Android app to Microsoft Intune MDM

Before you integrate WithSecure Elements Mobile Protection with your MDM, make sure that the following prerequisites are met:

  • You have enrolled your end device
  • You have set the profile with policy restrictions

Note: WithSecure does not provide support for or instructions related to profiles and policies, unless specifically mentioned.

  • An internet connection for setting up the VPN and permissions for the files
  • A valid WithSecure Elements Mobile Protection subscription

To add the app to Intune MDM:

  1. Log in to your Microsoft Intune portal.
  2. Select Apps > Android > Add.
    The Select app type pane opens.
  1. From the App type drop-down menu, select Managed Google Play app, and then select Select
  2. In the Managed Google Play view, in the Search field, enter WithSecure Elements.
    The Apps view opens.
Apps view
  1. Select WithSecure Elements Mobile Protection.
  2. On the view that opens, select Approve > Approve.
Managed google page
  1. In the Approval settings tab, select Keep approved when app requests new permissions, and select Done.
    The Managed Google Play view opens.
  2. Select Sync at the top left corner.
    The Android Apps view opens.
Andoird apps
  1. Select Refresh and then select WithSecure Elements Mobile Protection.
    The WithSecure Elements Mobile Protection view opens.
WithsSecure Elements Mobile Protection view
  1. Under Manage, select Properties.
    The WithSecure Elements Mobile Protection Properties view opens.
  2. Next to Assignments, select Edit.
    The Edit Application view opens.
Edit application
  1. In the Assignments tab, do the following:
    1. Under Required, select Add all users.
    2. Select Review + save.
    3. In the Review + save tab, select Save.

The WithSecure Elements Mobile Protection app has been added to Microsoft Intune MDM.

Android apps

Next, add the app configuration policies.

Step 2: Adding the Android app configuration policies

Step 2 – Adding the Android app configuration policies

Instructions on how to add the WithSecure Elements Mobile Protection configuration policies for managed Android devices.

  1.  Select Apps.
    The Apps overview pane opens.
  2. Under Policy, select App configuration policies.
  3. Select Add > Managed devices.
    The Create app configuration policy pane opens.
Create app configuration
  1. In the Basics tab, do the following:
    1. In the Name field, enter WithSecure Mobile Protection. 
    2. From the Platform drop-down menu, select Android Enterprise. 
    3. From the Profile type drop-down menu, select Personally-Owned Work Profile Only. 
    4. Next to Targeted app, select Select app. The Associated app pane opens. 
    5. Select WithSecure Elements Mobile Protection, and select OK > Next. The Settings tab opens.
WithSecure Elements mobile protection settings
  1. Do the following:
    1. Under Configuration Settings, from the Configuration settings format drop-down menu, select Use configuration designer
    2. Select +Add
    3. On the pane that opens at the right, select the following: · Registration key · Alias (optional) · Email address (optional) · Environment (optional) 
    4. Select OK
    5. Select the value types and enter the configuration values for the following configuration keys:
      • fate_registration_key: value type: String; configuration value: [WithSecure Elements Mobile Protection subscription key]. Note: You can find the WithSecure Elements Mobile Protection subscription key in the WithSecure Elements Security Center under Endpoint Protection > Subscriptions.
      • alias: value type: String; configuration value: {{username}} 
      • email: value type: String; configuration value: {{mail}}
      • env: value type: Integer; configuration value: 2
      Note: The env configuration key and its value define where the VPN endpoint connects to. 
    6. Select Next.
      The Assignment tab opens.
Assignment tab
  1. Under Included groups, select Add all users and select Next.
    The Review + create tab opens.
Review and create tab
  1. Select Create.

The app configuration policy was created and assigned.

You need to install the app on an Android device.

Step 3: Granting permission to an app

Step 3 – Granting permission to an app

Instructions on how to grant permission to an app for a silent activation.

  1. Log in to the Microsoft Endpoint Manager administrator center.
  2. Select Apps > App configuration policies > Add > Managed devices.
    Note: You can choose to add either managed devices or managed apps. For more information, see Apps that support app configuration.
  3. On the Basics page, enter the following details:
    • Name - a name for the profile that is shown in the portal
    • Description - a description for the profile that is shown in the portal
    • Device enrollment type - the default option is Managed devices
  4. Under Platforms, select Android Enterprises.
  5. Next to Targeted app, choose Select app.
    The Associated app pane opens.
  6. On the Associated app pane, select the managed app that you want to associate with the configuration policy, and select OK.
  7. Select Next > Add.
    The Add permissions pane opens.
  8. Select the permissions that you want to override.
    Note: The granted permissions override the default app permissions policy for the selected apps.
  9. Set a permission state for each permission. You can select from the following options:
    • Prompt - ask the user to accept or deny
    • Auto grant - automatically approve without notifying the user
    • Auto deny - automatically deny without notifying the user
  10. Select Review + save.
    Your settings are saved.