Set up policies for Microsoft Intune to work with the LMS365 mobile app

Introduction

As part of Microsoft's Enterprise Mobility + Security (EMS) suite, Microsoft Intune integrates with your Microsoft Entra ID (Azure Active Directory) and Azure Information Protection. This enables your organization’s information to be protected on all of your users' devices, according to the Microsoft Intune compliance policies you create. When a device enrolls in Intune, it registers in Microsoft Entra and the compliance status for devices is reported to Microsoft Entra. Using the Microsoft Conditional Access policies from Microsoft Entra, combined with Microsoft Intune compliance policies, it's possible to control the devices and apps that can connect to your email and company resources. When integrated, you can gate access to keep your corporate data secure, while allowing your users to work from any device and from any location.

So, for your users to use the LMS365 mobile app, the app should be Intune compliant, and the access policies should be configured.

This article describes how to add the LMS365 mobile app to Microsoft Intune and how to set up the conditional access policies in Microsoft Entra for Microsoft Intune to work with the LMS365 mobile app.

 

NOTE   

LMS365 (Learn365) supports Microsoft conditional access policies and the installation of the LMS365 mobile app using Microsoft Intune internally for iOS and Android devices. LMS365 (Learn365) doesn't support Microsoft Intune App Policies.

LMS365 (Learn365) is deployed as three applications within the Microsoft Entra admin center and can be excluded from your security policies.

 

Add the LMS365 mobile app to Microsoft Intune

Required role: Microsoft 365 global admin

To work with Microsoft Intune, we recommend using either the Microsoft Edge or Google Chrome browser.

Before you assign the LMS365 mobile app to a device or a group of users, you should first add the app to Microsoft Intune. This is done from the Microsoft Intune admin center individually for Android and iOS operating systems.

In the following sections, we'll describe how to add the LMS365 mobile app to Microsoft Intune for the Android and iOS operating systems.

 

For the Android operating system

To add the LMS365 mobile app from the Android store to Microsoft Intune, follow these steps:

1. Perform steps 1 to 5 as described in the Microsoft Intune guide.

2. For step 6, on the App information page, complete the required information for the app as follows:

  • Name. LMS365 or enter the app name the way you want it to be displayed in the company portal. The app name must be unique. If the app name is duplicated, only one name is displayed to users in the company portal.
  • Description. Enter the description of the LMS365 mobile app. This description is displayed to users in the company portal. An example may be: The LMS365 mobile app provides easy access to all courses a learner is enrolled in. On their mobile device, learners can view completed, in progress, and not yet started courses at any time and from anywhere.
  • Publisher. Enter the name of the publisher of the LMS365 mobile app. This information is displayed to users in the company portal.
  • Appstore URL. Enter the URL of the LMS365 mobile app from the Google app store. To get the URL, follow this link, copy the URL from the address bar, and paste it in the Appstore URL field.
  • Minimum operating system. From the drop-down list, select the earliest operating system version on which the app can be installed. If you assign the app to a device with an earlier operating system, it won't be installed.

3. Return to the Microsoft Intune guide and complete the remaining steps, starting from step 7. 

As a result, the LMS365 mobile app from the Android store that you've added is displayed in the Microsoft Intune admin center under Apps > All apps.

 

Now, your users can download the Intune Company portal app to their mobile devices, log in, and follow the access configuration procedure for their accounts.

 

NOTE   

If your users encounter issues when logging in to the Intune Company portal app, go to the Microsoft Entra (Azure Active Directory) admin center and check the Sign-in status of the relevant user. For more information on this topic, refer to the Microsoft documentation.

 

For the iOS operating system

To add the LMS365 mobile app from the iOS store to Microsoft Intune, follow these steps:

1. Perform steps 1 to 8 as described in the Microsoft Intune guide.

2. For step 9 of this guide, on the App information page, complete the required fields as follows. These fields may be automatically completed:

  • Name. LMS365 or enter the app name the way you want it to be displayed in the company portal. The app name must be unique. If the app name is duplicated, only one name is displayed to users in the company portal.
  • Description. Enter the description of the LMS365 mobile app. This description is displayed to users in the company portal. An example may be: The LMS365 mobile app provides easy access to all courses a learner is enrolled in. On their mobile device, learners can view completed, in progress, and not yet started courses at any time and from anywhere.
  • Publisher. Enter the name of the publisher of the LMS365 mobile app. This information is displayed to users in the company portal.
  • Appstore URL. Enter the URL of the LMS365 mobile app from the iOS app store. To get the URL, follow this link, copy the URL from the address bar, and paste it in the Appstore URL field.
  • Minimum operating system. From the drop-down list, select the earliest operating system version on which the app can be installed. If you assign the app to a device with an earlier operating system, it won't be installed.

3. Return to the Microsoft Intune guide and complete the remaining steps starting from step 10.

As a result, the LMS365 mobile app from the iOS store that you've added is displayed in the Microsoft Intune admin center under Apps > All apps.

 

Now, your users can download the Intune Company portal app to their mobile devices, log in, and follow the access configuration procedure for their accounts.

 

NOTE   

If your users encounter issues when logging in to the Intune Company portal app, go to the Microsoft Entra (Azure Active Directory) admin center and check the Sign-in status of the relevant user. For more information, see the Microsoft documentation.

 

Set up policies in the Microsoft Entra (Azure Active Directory) admin center

Required role: Microsoft 365 global admin

 

NOTE   

The following steps show how to set up a new conditional access policy for LMS365 mobile app usage. In this example, the devices run the Android operating system and the policy requires multi-factor authentication.

 

To set up conditional access policies in the Microsoft Entra (Azure Active Directory) admin center, follow these steps:

1. Go to the Microsoft Entra (Azure Active Directory) admin center > All Services > All > Security > Conditional Access > Policies.

2. Select Create new policy and give it a name.

3. Configure two blocks:

  • Assignments. Set the users and groups, cloud apps, or actions to apply to the policy.
  • Access controls. Choose whether you want to grant or block access to resources.

4. When you've configured the settings, select Create to create the policy.

 

Assignments

Under Assignments, you control to whom the policy will be applied, where it'll be applied, as well as any conditions. Complete the Users, Cloud apps or actions, and Conditions sections.

 

Users

Select the identities in Microsoft Entra (Azure Active Directory) to which the policy applies, including users, groups, and service principals:

1. Select Users to display the Include and Exclude tabs. In the Include tab, select Select users and groups > Users and groups.

2. On the opened Select users and groups panel, use the search box to find Microsoft Entra (Azure Active Directory) users and groups. All the selected users and/or groups will be listed under the Selected items.

3. Confirm your choice with Select at the panel bottom.

For more detailed information, related restrictions, and limitations, see this Microsoft documentation on Conditional Access: Users and groups.

 

Cloud apps or actions

Under Cloud apps or actions, you control access based on all or specific cloud apps or actions.

1. Under Cloud apps or actions, in the Include tab, select Select apps. This opens the Select panel.

2. On the opened Select panel, select Microsoft Intune Enrollment. Use the search box if the app isn't listed.

3. Confirm your choice with Select at the bottom of the panel.

For more detailed information, see this Microsoft guide.

 

Conditions

Under Conditions, you can optionally specify additional criteria that you want to apply to the policy. For more information, see the Microsoft guide on Conditional Access: Conditions.

Using the example of setting up a policy for Android for a specific user requiring multi-factor authentication, follow these steps:

1. Select Conditions > Device platforms to configure specific platforms to which you want to apply the policy. This opens the Device platforms panel.

2. Set the Configure toggle to Yes to activate the Include and Exclude tabs.

3. In the Include tab, choose the Select device platforms radio button and check the relevant operating systems. In this example, it's Android.

4. Confirm the action by selecting Done.

 

5. Go to Client apps to configure the software the user employs to access the cloud app.

6. On the opened Client apps panel, configure user access to target specific client applications that don't use modern authentication. Set the Configure toggle to Yes to be able to configure the client apps to which this policy will apply.

By default, all client apps are selected. In this example, we'll clear all checkboxes except for Mobile apps and desktop clients.

7. Select Done to save the settings and close the panel.

 

Access controls

Under Access controls, set up the Grant section.

In the Grant section, choose whether you want to block access or select additional requirements that need to be satisfied to enable access. For this, follow these steps:

1. Under Access controls, select Grant.

2. From the opened Grant panel, select Grant access and choose to enforce one or more controls when granting access by selecting the relevant checkboxes:

  • Require multi-factor authentication. Users will need to complete additional security requirements, such as a phone call or text.
  • Require device to be marked as compliant. Requires the user's device to be Intune compliant. If the device is non-compliant, the user will be prompted to bring the device under compliance.

 

NOTE   

Require approved client app and Require app protection policy settings aren't supported by LMS365 (Learn365).

 

3. Choose Select to save the changes and close the Grant panel.

For additional information about access controls, see the Microsoft documentation.
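
The policy configured in the steps above corresponds to a Microsoft Graph conditionalAccessPolicy object. The following Python is an added example, not part of the original article or LMS365's own code: it builds that request body and checks exported policies for the two grant controls the NOTE lists as unsupported. The group and app IDs are placeholders, and the report-only state and the AND operator are assumptions.

```python
import json

# Placeholders (assumptions): substitute object IDs from your own tenant.
PILOT_GROUP_ID = "<pilot-group-object-id>"
INTUNE_ENROLLMENT_APP_ID = "<Microsoft-Intune-Enrollment-app-id>"

# Graph builtInControls values for the two Grant checkboxes the NOTE lists as unsupported.
UNSUPPORTED_BY_LMS365 = {"approvedApplication", "compliantApplication"}


def build_policy(name, group_id, app_id, state="enabledForReportingButNotEnforced"):
    """Policy from the walkthrough: Android, mobile/desktop clients, MFA + compliant device."""
    return {
        "displayName": name,
        "state": state,  # report-only default is an assumption, not from the article
        "conditions": {
            "users": {"includeGroups": [group_id]},
            "applications": {"includeApplications": [app_id]},
            "platforms": {"includePlatforms": ["android"]},
            "clientAppTypes": ["mobileAppsAndDesktopClients"],
        },
        # operator AND (require all selected controls) is an assumption
        "grantControls": {"operator": "AND", "builtInControls": ["mfa", "compliantDevice"]},
    }


def unsupported_controls(policy):
    """Return, sorted, the grant controls in a policy that LMS365 does not support."""
    grant = policy.get("grantControls") or {}
    return sorted(UNSUPPORTED_BY_LMS365 & set(grant.get("builtInControls") or []))


def audit(policies):
    """Map displayName -> unsupported controls for every non-disabled policy that has any."""
    findings = {}
    for policy in policies:
        bad = unsupported_controls(policy)
        if bad and policy.get("state") != "disabled":
            findings[policy.get("displayName", "<unnamed>")] = bad
    return findings


if __name__ == "__main__":
    walkthrough = build_policy("LMS365 mobile - Android", PILOT_GROUP_ID, INTUNE_ENROLLMENT_APP_ID)
    strict = json.loads(json.dumps(walkthrough))  # constructed sample policy
    strict["displayName"] = "Require approved app"
    strict["grantControls"]["builtInControls"] = ["approvedApplication"]
    print(json.dumps(walkthrough, indent=2))
    print(audit([walkthrough, strict]))
```

Run audit() over the policy list exported from your tenant to find enabled or report-only policies that use a control the LMS365 mobile app does not support.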

 
