Microsoft Intune and the AppConfig Community

This week I would like to write about Microsoft Intune and the AppConfig Community. I want to create some awareness about what the AppConfig Community is and I want to show how even Microsoft Intune can, and will, benefit of that great alliance.

What is the AppConfig Community?

Let’s start with what the AppConfig Community actually is. I could do that by providing my own explanation about the AppConfig Community, but to prevent any possible misinterpretation from my side, I will provide the good and clear explanation as provided on the AppConfig Community website.

The AppConfig Community is a collection of industry leading Enterprise Mobility Management (EMM) solution providers and app developers that have come together to make it easier for developers and customers to drive mobility in business. The community’s mission is to streamline the adoption and deployment of mobile enterprise applications by providing a standard approach to app configuration and management, building upon the extensive app security and configuration frameworks available in the OS. Working together, the members of the AppConfig Community are making it simpler for developers to implement a consistent set of controls so that enterprise IT administrators can easily configure and manage apps according to their business policies and requirements.

Historically, developers used proprietary software development kits (SDKs) to enable configuration and management features of their apps through EMM. This required app developers to build different versions of their apps for each EMM vendor. Now, with the AppConfig Community tools and best practices, developers do not require EMM-specific integrations for many enterprise use cases. End users also benefit from automated features such as an out-of-the-box experience to give the users instant app access without requiring cumbersome setup flows or user credentials.

Microsoft Intune and the AppConfig Community

Let’s continue with how Microsoft Intune works with the AppConfig Community. Well, it’s good to know that, at this moment, Microsoft Intune is not part of the collection of industry leading EMM solution providers that started the AppConfig Community. However, that doesn’t mean that the apps, created with the AppConfig Community standards, won’t work with Microsoft Intune. The XML format used by the AppConfig Community is similar to the XML format used by Microsoft and the Microsoft Intune app partners. In other words, the apps created by the partners, of the AppConfig Community, should also work with Microsoft Intune.

Microsoft Intune example

Now I want to show how Microsoft Intune works with an app, of a partner, of the AppConfig Community, to proof my previous statement. As an example app I use the amazing Nacho Mail app. Not only is it a great email app, it also has a great support team and some awesome configuration options. The support team is more than willing to help with providing the required information to apply app configurations to the Nacho Mail app.

Configuration

As I’m currently looking at multiple mail apps, with one of my customers, I’m also looking at the Nacho Mail app. One of the big pros, of the Nacho Mail app, is the fact that it allows the configuration of the app. It has the ability to configure a mail profile and it even has the ability to apply custom branding to the app. After contacting the support team, of the Nacho Mail app, they provided me with the following configuration key-value-pairs.

Type Key Description
String AppServiceHost Name of server
Integer AppServicePort Port number
String UserName User name
String UserDomain Domain name
String UserEmail User email address
String BrandingName Name of app to be displayed
String BrandingLogo Link to image to be displayed with app

I could use those key-value-pairs to create a mail profile for Office365, including custom branding. It’s not required to specify AppServiceHost with outlook.office365.com, as the Nacho Mail app is intelligent enough to figure it out based on the provided mail address. However, I noticed that it would save me a certificate warning. Below is the configuration that I’ve created and to use this configuration, please refer to my post about App Configuration Policies for iOS.

<dict>
   <key>AppServiceHost</key>
   <string>outlook.office365.com</string>
   <key>BrandingName</key>
   <string>petervanderwoude.nl</string>
   <key>BrandingLogo</key>
   <string>[Specify URL to logo]</string>
   <key>UserEmail</key>
   <string>{{userprincipalname}}</string>
</dict>

Note: I used the {{userprincipalname}} token type that is supported by Microsoft Intune to provide the user principal name of the end-user. However, at this moment Microsoft Intune hybrid seems to be having problems with the supported token types. Microsoft Intune standalone works like a charm.

End-user experience

After creating the app configuration, it’s time to look at the end-user experience. This time I will show the first two screens of the Nacho Mail app, after installation. That will provide a clear picture about how app configuration policies can be helpful for an end-user. The screenshots on the left show the default start of the Nacho Mail app and the screenshots on the right show the start of the Nacho Mail app after deploying the app together with the app configuration policy.

On the second screenshot, on the right, it clearly shows the complete configuration of the mail profile and my custom branding. I love it!

Before After
IMG_0034 IMG_0030
IMG_0035 IMG_0033

More information

For more information about the AppConfig Community and mobile app configuration policies, in Microsoft Intune standalone and Microsoft Intune hybrid, please refer to:

14 thoughts on “Microsoft Intune and the AppConfig Community”

  1. Hi Peter,

    Great info, does this mean I can configure Office 365 app features (ie. DLP) with EMM solutions such as Mobileiron, Airwatch, MaaS360 and JAMF?

    Thanks,
    Steve J

    Reply
  2. Hi Peter,

    Thank you so much. I am integrating Intune MDM with my app (iOS and Android) to get app configuration. iOS with your guidelines is working. But, Android I cannot find any solutions to integrate Intune with appconfig community. Could you guide me?

    Thank in advance,
    SonPx

    Reply
  3. Thanks Peter,

    I already read above document. however, I still don’t know how to configure the app settings in textbox that I can validate them successfully. In that document does not mention. Example in iOS:

    AppServiceHost
    outlook.office365.com

    What are the corresponding configurations in Android?

    Regards,
    SonPX

    Reply
  4. Sorry,
    This blog remove my html tags. I mean
    “dict”
    “key” AppServiceHost “/key”
    “string” outlook.office365.com “/string”
    “/dict”

    Regards,
    SonPX

    Reply
  5. One more question, How to obtain app configuration policy without AppConfig? Using Intune SDK as such and what method can I use in Android?

    Thanks!
    SonPX

    Reply
  6. Hi Peter,

    I know the keys because it is my app. 🙂 I’m integrating my app with Intune. My app have an available key is “serveraddress”. Currently, I want to obtain the value of “serveraddress” key from Intune portal. iOS already obtained but Android didn’t yet. I don’t know how to configure this key/value in Intune portal for Android. Can you give me an example about the configuration key/value for Android (iOS i known as the previous post) in Intune portal?

    Reply
  7. Hi Peter,
    I read in the comments above that to use appconfig with Android devices , need to have Android for Work . But my App is not in the Google Store , is an in-house app.
    There is a solution to me to get appconfig?

    Reply
  8. What if I want to use the appconfigs that are natively available on iOS / Android without using an MDM solution?
    Can I set the policies through an API post login?

    I have an enterprise app and would like to allow zero-enrollment-MAM.
    1) User installs the app on their personal device (non managed) from the public app store (App Store / Google Play)
    2) User signs-in with their enterprise account given by their employer
    3) Post-login the Appconfig settings are being pulled from the enterprise server and enforces.

    Would that work or do I always need an MDM with a manifest?

    Thanks
    Dario

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.