Some companies have strict security policies and restrict the download of applications to business devices. In this case, the device's application store is blocked and replaced with an MDM (Mobile Device Management) protocol fully controlled by the company.
The company can apply data protection policies over all the applications delivered through the MDM, which the common applications downloaded through specific stores don’t allow. One of these MDMs available in the market is Microsoft Intune.
Microsoft Intune provides device management over all downloaded applications, including settings, features, and security. Bizagi App can be delivered using Intune, allowing the use of special features powered by Intune. This article explains how to use the Bizagi App with Microsoft Intune.
There are restrictions when integrating Bizagi App with Intune:
•You need to have a Microsoft Intune license or Office 365.
•The devices must have installed the Microsoft Intune Company Portal app.
•Features with app participation, such as restricting saving information to a specific location, are not supported.
•You must define the users and groups to whom you want to deliver the Bizagi App.
How to deliver Bizagi App through Intune without using Data Protection policies
Before you can manage Bizagi App, you must add it to Microsoft Intune in the Microsoft Endpoint Manager Admin Center. The procedure may slightly vary according to the device manufacturer (iOS or Android).
If no data protection policies are required, we recommend that you add the Bizagi App directly from the store. The procedure to add Bizagi App to Microsoft Intune is explained in the Microsoft Official documentation site in the article Add apps to Microsoft Intune.
How to deliver Bizagi App through Intune using Data Protection policies
This procedure is also performed in the Microsoft Endpoint Manager Admin Center. If you want to add data protection policies, the procedure has four steps.
1. Contact us via a Support Ticket to request the application installation file (For iOS, an .ipa file. For Android, an .apk file).
2. Execute the Intune Wrapper in the app following the procedure explained here:
Consider the following technical detail during the wrapping process:
➢The Bizagi iOS workspace has two projects and the .ipa sent is signed with Adhoc provisioning profiles. To use the wrapper, you need to use two new provisioning profiles with two new app ids (such as [CompID].com.bizagi.package, [CompID].com.bizagi.package.notifications where [CompID] is the token autogenerated by Apple) which enable the installation in the company devices.
➢Both new provisioning profiles require identifications the following permissions to allow the wrapping:
▪App groups with at least one group allowed, for example group.com.bizagi.package.
➢For Android, a new signing key is required to distribute the app internally, you can follow Android’s guide and generate a new one for internal distribution and update of the app. https://docs.microsoft.com/en-us/intune/developer/app-wrapper-prepare-android#reusing-signing-certificates-and-wrapping-apps.
3. Once the app is wrapped, add it following the procedure explained in the Microsoft Official documentation site in the article Add apps to Microsoft Intune, this time, as app type you need to follow the procedure for Apps written in-house (line-of-business).
4. Once you receive the application installation file, apply your own Data Protection policies following the procedure described in Use app protection policies.
oIf the app deployed is an iOS line-of-business managed app, there is a specific App Configuration rule that must be defined to apply app protection policies. Follow the procedure explained in https://docs.microsoft.com/en-us/intune/apps/app-protection-policies#target-app-protection-policies-based-on-device-management-state.
oFor other tokens that can be used to identify apps and use in wrapped app, follow the procedure explained in https://docs.microsoft.com/en-us/intune/apps/app-configuration-policies-use-ios.
oIf any error is found while deploying app protection policies, the logs can be seen following this guide https://docs.microsoft.com/en-us/intune/apps/app-protection-policy-settings-log.
How your users install Bizagi App from Microsoft Intune
Follow the procedure explained for your device manufacturer to enroll your users' devices using Intune’s company portal app and install the Bizagi App through the MDM.
Regardless of your device manufacturer, go to the App store to download and install the Intune Company Portal app on your device.