Intune setup with LeanIX Mobile App

Overview

With Microsoft Intune mobile app management without enrolment (MAM-WE), organisations can add LeanIX to a set of trusted apps to ensure that sensitive business data stays secure on unmanaged personal mobile devices. This allows admins to manage LeanIX access and security for members without taking full control of employees’ devices. Before setting up LeanIX EAM for Intune, keep the following in mind:

All members must have a Microsoft Intune account with the proper Microsoft Intune licence assigned.

All members must belong to a security group targeted by an app protection policy that targets the LeanIX app before registering their app.

Azure Active Directory (AD) accounts are not required to use Intune; however, you'll need someone with Azure AD admin access as well as Intune admin access to configure the proper permissions.

📘

Information

The ‘LeanIX EAM for Intune’ mobile application also supports mobile device management (MDM) solutions via Intune for customers who are interested in managing enrolled devices.

Important Note

For Android

Your organization’s users and the IT Admins need to have the “Company Portal” App installed on their mobile devices for the “LeanIX EAM for Intune” app to work. This is a requirement from Intune side. Without this, user authentication will not work in the application.

The users also need to be logged in to the “Company Portal” App.

For iOS

It is recommended to have “Company Portal“ application preinstalled on the mobile device. In its absence, user authentication will happen through the web.

Azure Setup

📘

Information

This guide assumes that you are an Azure Admin.

To add the “LeanIX EAM for Intune” application to your Azure Portal’s “Enterprise Applications” list….

  1. Install the “LeanIX EAM for Intune” app on your Android or iOS phone by opening the links in your mobile device or scanning the below QR Code.
25662566
  1. Login with your organization’s Microsoft account once prompted.
  2. When prompted for permissions, “Accept” the User Read permissions.
862862

Now the app will fail because not all permissions are granted.

  1. In your Azure Portal, you will now see that LeanIX EAM for Intune has been added to the “Enterprise Applications” list.
  2. Navigate to the LeanIX EAM for Intune application by following these steps:
    a. Open Azure Portal
    b. Search for “Enterprise Applications” and open it
    c. Search for “LeanIX EAM for Intune” in the search bar for the applications list
    d. Click on the “LeanIX EAM for Intune” app
906906
  1. Now, we need to grant the admin consent for additional permissions the app needs to work with Microsoft Intune. Go to “Permissions” under security. Click on the “Grant admin consent for <your_organization>” button.
10231023
463463

You will be prompted to allow the permissions in a new popup window. “Allow” the permissions.

Come back to Azure Portal.

  1. Click on “Users and Groups” under “Manage” and add the groups/users in your organization whom you would want to give access to the managed LeanIX app on their personal/managed mobile devices.
10151015

After completing the Azure setup, you can move on to Android and/or iOS-specific setup instructions:

After completing the Android and/or iOS setup, you can now add a configuration policy for both platforms.

Add Configuration Policy (Optional, Common for Android and iOS)

Adding configuration policy is an optional step (for both Android & iOS) .

  1. Go to Microsoft Endpoint Manager > “Apps” > “App Configuration Policies”. Click on “Add”. Click on “Managed Apps
670670
  1. Enter the basic details for the Configuration Policy. Click on “Select custom apps”.
371371
  1. Enter “net.leanix.app.intune” in the “Bundle or Package ID” field (ID is same for both Android and iOS apps)
  2. Make sure the “Platform” is set to “Android” (or iOS). Click on “Add”.
425425
  1. Click on the newly added package(s) from the list.
437437
  1. Repeat steps 3-5 if you also want to configure the iOS app. But, in Step 4, change the “Platform” to “iOS/iPadOS”
  2. Click on “Select”. Click on “Next
  3. In the “General Configuration” section, you can configure the domain for your LeanIX EAM Instance by adding a Key/Value Pair as follows:
    Name: instance_url
    Value: <your_leanix_domain> (e.g. app.leanix.net)
793793
  1. On Step 3 (Assignments), make sure to add the users/groups you want this configuration policy assigned to.
751751
  1. Review and Create the configuration policy

Once you have completed the above configuration for both Azure Portal and Intune, your organization’s users will now be able to access LeanIX EAM through their mobile devices. It may take upto 24 hours for the “Company Portal” to sync the newly added setup on the user's mobile devices. You can also ask them to manually perform a Sync in the “Company Portal” app to load the configuration immediately.

To trigger the sync in “Company Portal” app, follow these steps:

  • Android: Side Navigation Drawer → “Settings“ → “Sync”
  • iOS: “Devices” tab → “Check status”

Did this page help you?