Microsoft Intune MDM

By downloading an XML file from Umbrella and then uploading it to your Intune system, Intune is able to push configuration information to both the Cisco Secure Client and Umbrella so that your Android device is registered with Umbrella. The result is that your Android device is protected by Umbrella.

For information about configuring Intune, see Intune's documentation.

👍

Microsoft Intune Details

For more information about using the Cisco Umbrella AnyConnect module with the Intune Mobile Device Manager, see Intune documentation, available online at Microsoft's docs website.

Table of Contents

• Prerequisites
• Publish the Umbrella AnyConnect App to Managed Android Devices
• Configure Umbrella
• Push User Identities
• Push the Umbrella Certificate
• Manage Pop-Ups and App Controls

Prerequisites

• An Android Enterprise compatible device deployment. The legacy Device Admin (DA) system is not supported at this time
• Android mobile devices running Android OS version 6.0.1 and above. Devices examples are Samsung, Google, and Motorola. FireOS devices and other Android forks are not supported.
• An MDM for deploying the software; in this case, Microsoft Intune.
• Access to an Umbrella subscription including mobile device coverage.
• A network meeting access requirements.
  • Access over UDP 53 and UDP 443 to 208.67.222.222 from the device.
• For on-network scenarios, Trusted Network Detection (TND) may also be used to disable the client on network and pass traffic to a Virtual Appliance. The following prerequisites apply:
  • All VAs in use are defined by FQDN (IPs entered will not allow the client to go into trusted network mode) in the umbrella_va_fqdns configuration property.
    • The format for this field is comma separated, for example, (va1.domain.com, va2.domain.com)
  • VAs must be registered to the same Umbrella organization as the Android devices.
  • HTTPS mode for user events enabled on the Virtual Appliance.
    • If the VA’s FQDN is not publicly signed, the self-signed root certificate for the VA domain used for HTTPS mode on the VA must also be pushed to the Android device to sign the connection.
    • VA certificates should contain Subject Alternate Name (SAN) matching the VA’s configured domain to successfully communicate with the VA over HTTPS mode.
    • For more information on how to configure HTTPS mode on the VA, see Umbrella Virtual Appliance: Receiving User-IP mappings Over a Secure Channel.

Publish the Umbrella AnyConnect app to Managed Android Devices

1. In your InTune dashboard, navigate to Apps > All Apps > Add Application.
2. From the App Type pull-down, choose Managed Google Play.

2. In the Play store, search for AnyConnect (or the bundle id: com.cisco.anyconnect.vpn.android.avf).

3. Approve the app and then click Select.
4. Click Sync. The app appears in the App List after syncing.

Configure Umbrella

1. In your InTune dashboard, navigate to Apps > Configuration Policy.
2. Create a new policy, including name and description. Select the "Managed Device" enrollment type and set the platform to “Android”.

3. Click Associated App, search for AnyConnect, and then click OK.
4. Click Configuration Settings, select Use Configuration Designer and then click Add.

5. Search for Umbrella and add the values for Umbrella Organization ID and Umbrella Registration Token from the file you downloaded in the section Android Configuration Download.
6. Click Add.

7. Click the newly created policy and assign it to the group to which you need to push the configuration.

8. Navigate to All Apps, select AnyConnect, and then go to Assignments.

9. Click Add Group.
10. Set the Assignment Type to “Required”, select the groups to which the AnyConnect app is to be pushed and click OK.

11. To check the installation status for a user or device, navigate to All Apps, select AnyConnect, and then check Device Install Status and User Install Status.

Push User Identities

When user identities are pushed to Umbrella, you can identify and search users and devices. For more information, see Manage Identities.

Push the Umbrella Certificate

For information, see Push the Umbrella Certificate to Devices.

Manage Pop-Ups and App Controls

For information about configuring the client's deployment options, see Manage Pop-Ups and App Controls.

VMware Workspace ONE < Microsoft InTune MDM > Samsung Knox MDM