Setting up policies for Microsoft Intune to work with the LMS365 mobile app

As part of Microsoft's Enterprise Mobility + Security (EMS) suite, Microsoft Intune integrates with your Azure Active Directory (AAD) and Azure Information Protection. This allows you to keep your organization’s information protected on all of your users' devices, according to the Microsoft Intune compliance policies you create. When a device enrolls in Intune it registers in AAD and the compliance status for devices is reported to AAD. Using Conditional Access policies from the AAD combined with Intune compliance policies, it's possible to control the devices and apps that can connect to your email and company resources. When integrated, you can gate access to keep your corporate data secure, while allowing your users to work from any device, and from any location.

For your users to be able to use the LMS365 mobile app, the app must be Intune compliant and the access policies must be configured. This article describes how to add the LMS365 mobile app to Intune and how to set up Conditional Access policies in AAD for Intune to work with the LMS365 mobile app.

NOTE   

We use Conditional Access policies and also deploy the LMS365 mobile app using Microsoft Intune internally for iOS and Android phones. We don’t support Microsoft Intune App Policies. LMS365 is deployed as three AAD Applications within your AAD and can be excluded by your security policies.

 


 

Adding LMS365 mobile app to Microsoft Intune

NOTE   

  • To set up Microsoft Intune, the Microsoft 365 global admin needs to perform several steps. When describing these steps, we will use the example of setting up policies for a specific user who is using the Android operating system. The policy requires multi-factor authentication for LMS365 mobile app usage.
  • When you work with Microsoft Intune, we recommend that you use either the Microsoft Edge or Google Chrome browser.

Before you assign an app to a device or a group of users, you must first add the app to Microsoft Intune. This is done from the Microsoft Endpoint Manager admin center separately for Android and iOS operating systems.

Here we describe how to add an Android store app and an iOS store app to Microsoft Intune from the Azure portal.

To add an Android store app to Intune from the Azure portal, follow steps 1 to 5 in the Add Android store apps to Microsoft Intune guide.

For step 6 of this guide, add the required details: 

  • Name: LMS365. (Enter the name of the app as it is to be displayed in the company portal. Make sure that any app name that you use is unique. If an app name is duplicated, only one name is displayed to users in the company portal.)
  • Description: LMS365 mobile app provides easy access to all courses a learner is enrolled in. On their mobile device, learners can view completed, in progress and not yet started courses at any time and from anywhere. (Enter a description for the app. This description is displayed to users in the company portal.)
  • Publisher: (Enter the name of the publisher of the app.)
  • Appstore URL: https://play.google.com/store/apps/details?id=com.elearningforce.LMS (Enter the app store URL of the app that you want to create. Use the URL of the app page when the details of the app are displayed in the store.)
  • Minimum operating system: (In the list, select the earliest operating system version on which the app can be installed. If you assign the app to a device with an earlier operating system, it will not be installed.)

Return to the Add Android store apps to Microsoft Intune guide and continue from step 7.

When you have finished all these steps, the app you've created is displayed in the Apps > All apps list.



 

To add an iOS store app to Intune from the Azure portal, follow steps 1 to 8 in the Add iOS store apps to Microsoft Intune guide.

For step 9 of this guide, add the required details, which might have been automatically filled in depending on the app you have chosen:

  • Name: LMS365. (Enter the name of the app as it is to be displayed in the company portal. Make sure that any app name that you use is unique. If an app name is duplicated, only one name is displayed to users in the company portal.)
  • Description: LMS365 mobile app provides easy access to all courses a learner is enrolled in. On their mobile device, learners can view completed, in progress and not yet started courses at any time and from anywhere. (Enter a description for the app. This description is displayed to users in the company portal.)
  • Publisher: (Enter the name of the publisher of the app.)
  • Appstore URL: https://play.google.com/store/apps/details?id=com.elearningforce.LMS (Enter the app store URL of the app that you want to create. Use the URL of the app page when the details of the app are displayed in the store.)
  • Minimum operating system: (In the list, select the earliest operating system version on which the app can be installed. If you assign the app to a device with an earlier operating system, it will not be installed.)

Return to the Add iOS store apps to Microsoft Intune guide and continue from step 10.

When you have finished all these steps, the app you've created is displayed in the Apps > All apps list.

 


 

When you are done with the store app, your users can download the Intune Company Portal app on their mobile device, log in, and follow the access configuration procedure for their account.

 

NOTE

If your users face issues when logging in to the Intune Company Portal app, go to the Azure Active Directory admin center, check the Sign-ins status of the user in question, and open Details. Follow the link to find more information.

 

 

Setting up policies in the AAD admin center

Go to Azure Active Directory admin center > Security > Conditional Access | Policies

 


 

Select New policy, give it a name and configure two blocks:

  • Assignments - this is where you can set Users and groups and Cloud apps or actions to apply to the policy.
  • Access controls - this is where you can state if you want to grant or block access to resources.


 

Assignments

Under Assignments, you can control who the policy applies to, and where and under what conditions it applies.

1) Under Users, two tabs are displayed - Include and Exclude. On the Include tab, the options for selection are None, All users, and Select users and groups.

Check Select users and groups, then check the box for Users and groups. The Select panel will open, where you can target a specific user or group by browsing the available AAD users and groups. All the users and/or groups that you select will appear under Selected items. Confirm your choice with the Select button at the bottom of the panel.



When nder the Users 

For more information, and related restrictions and limitations, please see Conditional Access: Users and groups.


2) Under Cloud apps or actions, two tabs are displayed - Include and Exclude. On the Include tab, the available options are None, All cloud apps, and Select apps.

  1. Check Select apps. The Select panel will open where you can browse the list of available applications.

  2. Find and select Microsoft Intune Enrollment. It will appear under the Selected items. Confirm your choice with Select at the bottom of the panel.

  3. When nder the Cloud apps or actions

 


 

3) Under Conditions, you can optionally specify additional criteria that you want to apply to the policy. For more information, please see Conditional Access: Conditions.

With the example of setting up policies for Android for a specific user requiring multi-factor authentication, follow the steps below:

  1. Go to Device platforms to configure specific platforms to apply the policy to. The Device platforms panel will open. Move the Configure toggle to Yes to activate the Include and Exclude tabs. From the Include tab select the Select device platforms option button and check the relevant operating system(s), in our case - Android. Confirm your choice with Done.


  2. Go to Client apps to configure the software the user is employing to access the cloud app. The Client apps panel will open, which allows you to configure user access to target specific client applications not using modern authentication. Move the Configure toggle to Yes to be able to configure the client apps this policy will apply to. By default, all client apps are preselected. In our case, we clear all checkboxes except the 'Mobile apps and desktop clients' one. Select Done to save the changes and close the panel.


Access controls

Under Access controls, decide if you want to block access or select additional requirements which need to be satisfied to allow access. Under Grant, select the Grant access option button and choose to enforce one or more controls when granting access by selecting the relevant checkboxes. For more information, please see Conditional Access: Grant.

 

Check the boxes:

  1. Require multi-factor authentication so that the user will need to complete additional security requirements, like a phone call or text.
  2. Require device to be marked as compliant requires the device to be Intune compliant. If the device is non-compliant, the user will be given the option to enroll the device in Intune.
  3. Choose Select to save the changes and close the Grant panel. 


 

NOTE

Require approved client app and Require app protection policy settings are not supported by LMS365.

 

When done with the settings, select Create to create your policy.
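
The policy built in the steps above, written in the JSON shape Microsoft Graph uses for a Conditional Access policy and checked by a small audit script. This is an added example, not LMS365 or Microsoft code: the user and app IDs are placeholders, the "AND" operator is an assumption, and audit_policy is a hypothetical helper.

```python
import copy
import json

# Graph names for the grant controls the article says LMS365 does not support
# ("Require approved client app", "Require app protection policy").
UNSUPPORTED = {"approvedApplication", "compliantApplication"}
# Graph names for the two boxes the walkthrough ticks.
REQUIRED = {"mfa", "compliantDevice"}

# Constructed sample export; the IDs are placeholders and "AND" is an assumption.
GOOD_POLICY = json.loads("""
{
  "displayName": "LMS365 mobile - Android - MFA and compliant device",
  "state": "enabled",
  "conditions": {
    "users": {"includeUsers": ["<user-object-id>"]},
    "applications": {"includeApplications": ["<intune-enrollment-app-id>"]},
    "platforms": {"includePlatforms": ["android"]},
    "clientAppTypes": ["mobileAppsAndDesktopClients"]
  },
  "grantControls": {"operator": "AND", "builtInControls": ["mfa", "compliantDevice"]}
}
""")

def audit_policy(policy, platform="android"):
    """Return findings; an empty list means the policy matches the walkthrough."""
    cond = policy.get("conditions") or {}
    grants = set((policy.get("grantControls") or {}).get("builtInControls") or [])
    findings = [f"unsupported by LMS365: {c}" for c in sorted(grants & UNSUPPORTED)]
    findings += [f"missing grant control: {c}" for c in sorted(REQUIRED - grants)]
    users = cond.get("users") or {}
    if not (users.get("includeUsers") or users.get("includeGroups")):
        findings.append("no users or groups included")
    if not (cond.get("applications") or {}).get("includeApplications"):
        findings.append("no cloud app selected")
    platforms = (cond.get("platforms") or {}).get("includePlatforms") or []
    if platform not in platforms and "all" not in platforms:
        findings.append(f"platform not covered: {platform}")
    if cond.get("clientAppTypes") != ["mobileAppsAndDesktopClients"]:
        findings.append("client apps not limited to mobileAppsAndDesktopClients")
    if policy.get("state") != "enabled":  # report-only or disabled policies gate nothing
        findings.append(f"policy not enforced: state={policy.get('state')}")
    return findings

if __name__ == "__main__":
    bad = copy.deepcopy(GOOD_POLICY)  # constructed misconfiguration
    bad["state"] = "enabledForReportingButNotEnforced"
    bad["grantControls"]["builtInControls"] = ["mfa", "approvedApplication"]
    print(audit_policy(GOOD_POLICY))
    for finding in audit_policy(bad):
        print("-", finding)
```

Run it against a policy exported from your tenant to confirm that the policy is actually enforced rather than report-only and that neither unsupported grant control has been ticked.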

 
