Fotolia

3 Intune app management practices that IT pros should know

Intune admins should learn the basics of Intune app management for deploying, wrapping and securing applications. Find out why each step is crucial and how IT can accomplish them.

With the help of Microsoft Intune's mobility management controls, IT professionals can deploy, manage and secure mobile applications across Android and iOS devices.

Intune is a unified endpoint management (UEM) tool that offers a number of helpful mobility management functions, such as mobile device enrollment, mobile app wrapping and app protection.

IT professionals must understand the benefits and use cases for these Intune app management controls and features before they try to deploy them across an organization.

Intune app deployment

Before IT professionals can manage users' mobile applications via Intune, they must deploy the apps properly. This Intune app management and deployment process differs based on the mobile OS that users run on their devices. Mobile admins should be ready to deploy applications using multiple methods.

Deploy iOS apps

Most of the iOS applications that IT will encounter are best deployed through Apple App Store. Intune integrates natively with Apple App Store, so IT can deploy the application directly to the store. Users must then sign in to App Store with an Apple ID and download the app on their own.

There is another option IT has for iOS apps, however. If there is an application that IT will deploy across all of its managed Apple mobile devices, an organization can purchase access to an application for all of its users via the Apple Volume Purchase Program -- assuming the organization has enrolled in Apple's VPP. IT then has to create and deploy a VPP token to the desired devices, and users can download the app without the need for an Apple ID.

Deploy Android apps

The best option for Android admins to deploy apps is with the Managed Google Play store. Once they establish a connection between Intune and the managed Google Play store, IT pros can search for existing Android apps to deploy within Intune. Once IT pros select the applications, they deploy those apps to users' on-device Google Play store for them to download.

Intune app wrapping

Application wrapping is a method of Intune app management in which IT creates a wrapper around line of business (LOB) apps. The wrapper around the app enables UEM to interact with the application in ways that the app would not support on its own.

With a wrapper around the application, IT can deploy policies that may not have been available with the app's native management options.

Both Android and iOS devices have a number of requirements that Intune admins must follow to wrap a mobile app correctly. IOS apps, for example, must run on iOS 10 or later, cannot be encrypted and cannot have extended file attributes. Android apps must have little to no user authentication experiences and must be created with Apache Cordova. There are several additional requirements for each type of app.

Once IT ensures its apps are compatible with Intune App Wrapping Tool, it can deploy the wrapper itself. With iOS devices, IT can include all of the desired management controls for the wrapper in a PLIST file, which defines the coding language that IT can use to input commands. Android admins, however, can use Windows PowerShell to deploy these controls directly.

Intune app protection

With Intune app protection, IT can secure mobile apps for Android and iOS and prevent data loss on mobile devices. These policies can enforce authentication requirements, such as fingerprint scans, and limit users' ability to share data between the managed and nonmanaged parts of a mobile device. This use case is especially helpful for BYOD use cases because IT doesn't have to manage users' personal devices as strictly.

These Intune app management policies are crucial for organizations with mobile users who can access sensitive files and data because mobile devices face a number of unique threats. For example, IT may require a complex passcode for the device itself, but malicious actors could compromise a massive amount of data if they manage to unlock a device and the individual apps aren't protected.

IT can deploy these security policies to certain apps with a separate UEM or enterprise mobility management (EMM) tool or with Intune alone. Many organizations with a high number of managed mobile users most likely already run UEM or EMM on their devices. IT does have the option to directly manage Microsoft mobile apps, such as Microsoft Outlook and Skype for Business, via Intune app protections, and with the right app wrapping, IT can manage third-party and LOB apps as well.

Dig Deeper on Mobile application strategy