Thursday, 21 May 2015

Microsoft Intune App Wrapping Tool for Android

The Intune App Wrapping Tool for Android has just been released. It was announced on the Intune Team Blog a few days ago. I've been waiting for this as I manage a lot of Android devices (the Intune App Wrapping Tool for iOS was released way back in December).

Have a look at the blog to see the new features announced.

Summary of new features (some nice new Android items)

  • Ability to extend application protection to your existing line-of-business apps using the Intune App Wrapping Tool for Android
  • Ability to assign help desk permissions to Intune admins, filtering their view of the Intune admin console to only provide access to perform remote tasks (e.g. passcode reset and remote lock)
  • RSS feed notification option added for Intune admin to subscribe to be alerted when new Intune service notifications are available for their service instance
  • Improved end user experience in the Intune Company Portal app for iOS with step-by-step guidance added on how to access corporate email by enrolling for management and validating device compliance
  • Updated Intune Company Portal app for Windows Phone 8.1 to provide enhanced status notifications for app installations
  • New custom policy template for managing new Windows 10 features using OMA-URI
  • New per-platform mobile device security policy templates for Android, iOS, Windows, and Windows Phone, in addition to new Exchange ActiveSync policy template
  • Ability to deploy Google Play store apps that are required/mandatory to install on Android devices

I previously blogged about Mobile Application Management with Microsoft Intune. You can find this blog here

This introduced the concept of Intune Managed Apps and showed that you could create Managed App policies to govern and control your apps to prevent data leakage. You may want to look at that before we start.

So, what's great about this wrapping tool? Up until now we could only deploy Managed Apps for Android that Microsoft made available for us in the Google Store (Word, Excel, etc.). But what about our own Line of Business Apps? That's what the Intune Wrapping Tool for Android can do for us. It can turn any in-house developed apk file into an Intune Managed App.

Let's see it in action.

This is a typical apk file being uploaded to Intune.

There is very little control. You can select the groups to deploy the app to...

...and select the deployment action. Now let's turn this apk file into a Managed App and see the difference.

These are the basic steps. You can find this information in the TechNet Library

Prepare Android apps for mobile application management with the Microsoft Intune App Wrapping Tool
  • Install the latest version of Java Runtime Environment
  • Install the Intune App Wrapping Tool
  • Wrap an app
  • Add the app to Intune and deploy

Install the latest version of Java Runtime Environment

Install the latest version of the Java Runtime. Download it here

Verify that the environment variable has the correct path (C:\ProgramData\Oracle\Java\javapath)

Install the Intune App Wrapping Tool

Download the Wrapping Tool

InstallAWT.exe is the file we need. Install the Tool.

This is the default installation folder. Make a note of it.
(C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool)

Wrap an App

OK. We have installed the tool. What's next? We will use PowerShell to import the Wrapping Tool module. Then we will wrap the app. The TechNet library document tells us the commands to use:

Import-Module "C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool\IntuneAppWrappingTool.psm1"

Invoke-AppWrappingTool -InputPath <input-app.apk> -OutputPath <output-app.apk> -KeyStorePath <path-to-signing.keystore> -KeyAlias <signing-key-name> -ClientID <xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx> -AuthorityURI <http://AzureActiveDirectory.Authority.URL> -SkipBroker <$True|$False> -NonBrokerRedirectURI <urn:xxx:xx:xxxx:xx:xxx>

Wow. The first command looks OK but I don't like the look of the second one. However, it's nothing to worry about. Most of the parameters are optional.

This table describes each parameter. We actually only need the Input and Output paths. This is my command:

Invoke-AppWrappingTool -InputPath C:\Ergo\APK\Notepad.apk -OutputPath C:\Ergo\APK\Intune_Notepad.apk

I execute my command...

...and here is the resulting Managed App. This is very easy to do.
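
The same wrap step as a repeatable script, added here as an example (it is not from the TechNet document or the tool itself): it refuses to overwrite the source APK and records SHA-256 hashes of the original and wrapped files, plus the signing certificate when a keytool path is given. Invoke-WrapWithAudit, the -KeytoolPath parameter and wrap-audit.csv are assumed names; the Invoke-AppWrappingTool parameters are the ones shown above.

```powershell
function Invoke-WrapWithAudit {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $InputPath,
        [Parameter(Mandatory)] [string] $OutputPath,
        [string] $KeyStorePath,   # optional, passed through to the wrapping tool
        [string] $KeyAlias,       # optional, passed through to the wrapping tool
        [string] $KeytoolPath     # assumption: full path to keytool.exe in the Java install
    )
    Import-Module 'C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool\IntuneAppWrappingTool.psm1' -ErrorAction Stop

    if (-not (Test-Path -LiteralPath $InputPath -PathType Leaf)) { throw "Input APK not found: $InputPath" }
    $inFull  = (Resolve-Path -LiteralPath $InputPath).Path
    $outFull = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($OutputPath)
    # Keep the unwrapped APK untouched as the reference copy.
    if ($inFull -eq $outFull) { throw 'OutputPath must differ from InputPath.' }

    # Hash the source before the tool runs, so the record reflects what was actually wrapped.
    $inHash = (Get-FileHash -LiteralPath $inFull -Algorithm SHA256).Hash

    $wrapArgs = @{ InputPath = $inFull; OutputPath = $outFull }
    if ($KeyStorePath) { $wrapArgs.KeyStorePath = $KeyStorePath }
    if ($KeyAlias)     { $wrapArgs.KeyAlias     = $KeyAlias }
    Invoke-AppWrappingTool @wrapArgs
    if (-not (Test-Path -LiteralPath $outFull -PathType Leaf)) { throw "Wrapping produced no output: $outFull" }

    # Certificate on the wrapped APK, so the signer can be checked before upload.
    $signer = if ($KeytoolPath) { & $KeytoolPath -printcert -jarfile $outFull 2>&1 | Out-String }
              else { 'keytool path not supplied' }

    [pscustomobject]@{
        WrappedAt    = (Get-Date).ToString('o')
        InputApk     = $inFull
        InputSha256  = $inHash
        OutputApk    = $outFull
        OutputSha256 = (Get-FileHash -LiteralPath $outFull -Algorithm SHA256).Hash
        Signer       = $signer.Trim()
    }
}

# Paths from this post; the CSV name is an assumption.
Invoke-WrapWithAudit -InputPath C:\Ergo\APK\Notepad.apk -OutputPath C:\Ergo\APK\Intune_Notepad.apk |
    Export-Csv C:\Ergo\APK\wrap-audit.csv -Append -NoTypeInformation
```

Comparing OutputSha256 with the hash of the file you later upload confirms that the APK added to Intune is the one this run produced.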

Add the Managed App to Intune and deploy

Now let's upload the Wrapped App to Intune and we will see the difference.

It looks the same at this point.

See now though. Intune tells us that this is a Managed App and that we can apply Mobile App Management policies to it.

We have additional options now. We can choose to apply the MAM policy. This is a huge step forward for Android device management with Intune.
