Version 2020

Integrate MicroStrategy Library with Microsoft Intune MAM Functions

You can use the Intune portal to add an extra layer of security to iPhones and iPads that are running MicroStrategy Library.

For Intune SDK users:

  • It’s not necessary to enroll your device with Intune Comp Portal. It is possible to run the app on an iOS simulator or new device without enrolling the device.
  • The Intune App SDK can use MSAL to perform authentication and enroll the application to do MAM. This includes getting and applying app configuration settings and app protection policy settings.

Microsoft Authentication Library (MSAL) is used to support authentication, conditional launch, and register the user identity with the MAM service for management in deployment and installation.

Your organization must be enrolled in the iOS Developer Enterprise Program. For information about this program, visit the iOS Developer web site.

See What's new in the Mobile SDK for iOS for the Xcode and Apple iOS SDK versions you need to use to develop and compile your application. Previous versions can be downloaded from the Apple Download site.

You must create a wildcard App ID for your application, using the iOS Provisioning Portal. A wildcard App ID is of the form [BundleSeedID].*, where:

  • BundleSeedID is an alphanumeric code that is generated by Apple when you create the App ID.
  • The asterisk (*) is a placeholder for the Bundle Identifier of the App ID. The Bundle Identifier is used by iOS to identify the application on your device. You set the value of the Bundle Identifier property in the property list file of your Xcode project. Replace the value of the asterisk (*) with an appropriate string using reverse-DNS format and com.yourCompanyName.YourAppName. For example, we use the default value of com.microstrategy.iPad for an iPad app or com.microstrategy.MSTRMobile for an iPhone app to integrate with Intune.

Intune allows customers to upload their mobile applications via their Intune Console or select apps directly from the Apple App Store. There is no need to set up a local app or web server.

Configuration and App Deployment on the Intune Console

Register the Application in Intune Console

  1. Add an application in Home > Azure Active Directory > App registrations > New Registration, provide the app name, choose Multienant type, and click Register.
  2. In Overview, copy the Application (client) ID as the value of ADALClientId in IntuneMAMSettings in Info.plist, to perform authentication with MSAL.

Configure iOS/macOS Authentication

  1. Under Manage, click Authentication, click Add a platform, and choose iOS/macOS > input Bundle ID > Configure.
  2. Copy the Redirect URI as the value of ADALRedirectUri in the IntuneMAMSettings of the project Info.plist in Xcode.

Add API Permissions

  1. Choose API permissions > add a permission > APIs my organization uses > choose the app.

  2. Select DeviceManangementManagerdApps.
  3. Click add permissions. For more information about adding API permissions, see Give your app access to the Intune app protection service.

Upload the App and Create an App Protection Policy

Create an .ipa file with Xcode:

  1. Add an App protection policy in Home > Microsoft Intune > Client apps > App protection policies. Assign it to the app you uploaded.
  2. You can also define the app restrictions in the policy. For more information, see iOS app protection policy settings.
  3. You can also control the app's behavior via AppConfig in Home > Microsoft Intune > Client apps > App configuration policies. For example, you can define the configuration URL. To get the configuration URL, see Library Administration Control Panel.

After you make changes to the app protection or configuration policies, it takes approximately 15 minutes to an hour for a device's app to receive the updated policy.

Now you can test and verify your new Intune Integrated Library app! It is recommended that you set up a security PIN when launching the application.