This week I would like to write about Microsoft Intune and the AppConfig Community. I want to create some awareness about what the AppConfig Community is and I want to show how even Microsoft Intune can, and will, benefit of that great alliance.
What is the AppConfig Community?
Let’s start with what the AppConfig Community actually is. I could do that by providing my own explanation about the AppConfig Community, but to prevent any possible misinterpretation from my side, I will provide the good and clear explanation as provided on the AppConfig Community website.
The AppConfig Community is a collection of industry leading Enterprise Mobility Management (EMM) solution providers and app developers that have come together to make it easier for developers and customers to drive mobility in business. The community’s mission is to streamline the adoption and deployment of mobile enterprise applications by providing a standard approach to app configuration and management, building upon the extensive app security and configuration frameworks available in the OS. Working together, the members of the AppConfig Community are making it simpler for developers to implement a consistent set of controls so that enterprise IT administrators can easily configure and manage apps according to their business policies and requirements.
Historically, developers used proprietary software development kits (SDKs) to enable configuration and management features of their apps through EMM. This required app developers to build different versions of their apps for each EMM vendor. Now, with the AppConfig Community tools and best practices, developers do not require EMM-specific integrations for many enterprise use cases. End users also benefit from automated features such as an out-of-the-box experience to give the users instant app access without requiring cumbersome setup flows or user credentials.
Microsoft Intune and the AppConfig Community
Let’s continue with how Microsoft Intune works with the AppConfig Community. Well, it’s good to know that, at this moment, Microsoft Intune is not part of the collection of industry leading EMM solution providers that started the AppConfig Community. However, that doesn’t mean that the apps, created with the AppConfig Community standards, won’t work with Microsoft Intune. The XML format used by the AppConfig Community is similar to the XML format used by Microsoft and the Microsoft Intune app partners. In other words, the apps created by the partners, of the AppConfig Community, should also work with Microsoft Intune.
Microsoft Intune example
Now I want to show how Microsoft Intune works with an app, of a partner, of the AppConfig Community, to proof my previous statement. As an example app I use the amazing Nacho Mail app. Not only is it a great email app, it also has a great support team and some awesome configuration options. The support team is more than willing to help with providing the required information to apply app configurations to the Nacho Mail app.
Configuration
As I’m currently looking at multiple mail apps, with one of my customers, I’m also looking at the Nacho Mail app. One of the big pros, of the Nacho Mail app, is the fact that it allows the configuration of the app. It has the ability to configure a mail profile and it even has the ability to apply custom branding to the app. After contacting the support team, of the Nacho Mail app, they provided me with the following configuration key-value-pairs.
Type | Key | Description |
String | AppServiceHost | Name of server |
Integer | AppServicePort | Port number |
String | UserName | User name |
String | UserDomain | Domain name |
String | UserEmail | User email address |
String | BrandingName | Name of app to be displayed |
String | BrandingLogo | Link to image to be displayed with app |
I could use those key-value-pairs to create a mail profile for Office365, including custom branding. It’s not required to specify AppServiceHost with outlook.office365.com, as the Nacho Mail app is intelligent enough to figure it out based on the provided mail address. However, I noticed that it would save me a certificate warning. Below is the configuration that I’ve created and to use this configuration, please refer to my post about App Configuration Policies for iOS.
<dict>
<key>AppServiceHost</key>
<string>outlook.office365.com</string>
<key>BrandingName</key>
<string>petervanderwoude.nl</string>
<key>BrandingLogo</key>
<string>[Specify URL to logo]</string>
<key>UserEmail</key>
<string>{{userprincipalname}}</string>
</dict>
Note: I used the {{userprincipalname}} token type that is supported by Microsoft Intune to provide the user principal name of the end-user. However, at this moment Microsoft Intune hybrid seems to be having problems with the supported token types. Microsoft Intune standalone works like a charm.
End-user experience
After creating the app configuration, it’s time to look at the end-user experience. This time I will show the first two screens of the Nacho Mail app, after installation. That will provide a clear picture about how app configuration policies can be helpful for an end-user. The screenshots on the left show the default start of the Nacho Mail app and the screenshots on the right show the start of the Nacho Mail app after deploying the app together with the app configuration policy.
On the second screenshot, on the right, it clearly shows the complete configuration of the mail profile and my custom branding. I love it!
Before | After |
More information
For more information about the AppConfig Community and mobile app configuration policies, in Microsoft Intune standalone and Microsoft Intune hybrid, please refer to:
- AppConfig Community: http://appconfig.org/
- App Configuration Policies for iOS apps: https://www.petervanderwoude.nl/post/app-configuration-policies-for-ios-apps/
- Configure iOS apps with app configuration policies in System Center Configuration Manager: https://technet.microsoft.com/en-us/library/mt627960.aspx
- Configure iOS apps with mobile app configuration policies in Microsoft Intune: https://technet.microsoft.com/en-us/library/mt481447.aspx
Hi Peter,
Great info, does this mean I can configure Office 365 app features (ie. DLP) with EMM solutions such as Mobileiron, Airwatch, MaaS360 and JAMF?
Thanks,
Steve J
Hi Steve,
Once those Microsoft apps support (and document) app configuration, I would say yes.
Regards,
Peter
Hi Peter,
Thank you so much. I am integrating Intune MDM with my app (iOS and Android) to get app configuration. iOS with your guidelines is working. But, Android I cannot find any solutions to integrate Intune with appconfig community. Could you guide me?
Thank in advance,
SonPx
Hi SonPx,
AppConfig for Android is coming to Microsoft Inune with the introduction of Android for Work. A lot more information can be found here: https://docs.microsoft.com/en-us/intune/deploy-use/afw-app-configuration-policy
Regards,
Peter
Thanks Peter,
I already read above document. however, I still don’t know how to configure the app settings in textbox that I can validate them successfully. In that document does not mention. Example in iOS:
AppServiceHost
outlook.office365.com
What are the corresponding configurations in Android?
Regards,
SonPX
Sorry,
This blog remove my html tags. I mean
“dict”
“key” AppServiceHost “/key”
“string” outlook.office365.com “/string”
“/dict”
Regards,
SonPX
One more question, How to obtain app configuration policy without AppConfig? Using Intune SDK as such and what method can I use in Android?
Thanks!
SonPX
Hi SonPx,
You can only use AppConfig policies for apps of which you know the available keys. If you don’t know them, you might want to contact the creator of the app for that information.
Regards,
Peter
Hi Peter,
I know the keys because it is my app. 🙂 I’m integrating my app with Intune. My app have an available key is “serveraddress”. Currently, I want to obtain the value of “serveraddress” key from Intune portal. iOS already obtained but Android didn’t yet. I don’t know how to configure this key/value in Intune portal for Android. Can you give me an example about the configuration key/value for Android (iOS i known as the previous post) in Intune portal?
Hi SonPX,
I haven’t done that for Android, yet. Once I’ve done that I can give you an example.
Peter
Hi Peter,
I read in the comments above that to use appconfig with Android devices , need to have Android for Work . But my App is not in the Google Store , is an in-house app.
There is a solution to me to get appconfig?
Hi Jeremy,
You should be able to publish LOB apps to a private area in the Google Play store. For more information, see also: https://docs.microsoft.com/en-us/intune-classic/deploy-use/android-for-work-apps
Regards, Peter
What if I want to use the appconfigs that are natively available on iOS / Android without using an MDM solution?
Can I set the policies through an API post login?
I have an enterprise app and would like to allow zero-enrollment-MAM.
1) User installs the app on their personal device (non managed) from the public app store (App Store / Google Play)
2) User signs-in with their enterprise account given by their employer
3) Post-login the Appconfig settings are being pulled from the enterprise server and enforces.
Would that work or do I always need an MDM with a manifest?
Thanks
Dario
Hi Dario,
Yes, you can also use app configuration for apps without MDM enrollment. Those apps require the Intune SDK. For more information, see also: https://docs.microsoft.com/en-us/intune/app-configuration-policies-managed-app
Regards, Peter