Microsoft Intune Integration with the WatchGuard Mobile Security Android App

Microsoft Intune is a cloud-based endpoint management service that organizations use to manage devices and apps. The Intune Company Portal app enables members of an organization to download and install organization-approved apps.

This document describes how to configure Intune to make the WatchGuard Mobile Security app available to Android devices in your organization through the Company Portal app.

Integration Summary

The hardware and software used in this guide include:

  • Microsoft Intune
  • WatchGuard Mobile Security App v3.13.0
  • Mobile device with Android 16

Before You Begin

Before you begin these procedures, make sure that you:

  • Have a global administrator or user management administrator account to log in to Microsoft Intune.
  • Have a WatchGuard Cloud account with an Endpoint Security license.
  • Enroll your Android devices in Microsoft Intune. For information, go to Enroll Android Device (external link).

This integration guide applies to WatchGuard Advanced EPDR, WatchGuard EPDR, and WatchGuard EPP. In this guide, we use EPDR as an example.

Additional charges might apply to Microsoft Intune. For more information about Intune, go to Microsoft Intune Overview (external link).

Copy the Integration URL in Endpoint Security

  1. Log in to WatchGuard Cloud with your WatchGuard Cloud operator account credentials.
    If you log in with a Service Provider account, you must select a Subscriber account from Account Manager.
  2. Select Configure > Endpoint Security.
  3. Select Computers.
  4. Click Add Computer.
    The Add computers dialog box opens.
  5. Click Android.
  6. Click Send URL by email.
    The operating system opens an email dialog box that includes required information for the integration.
  7. Copy the integration URL for use later in the Configure Microsoft Intune procedure.

Configure Microsoft Intune

To configure Microsoft Intune, you must:

  1. Create an Assignment Filter Rule.
  2. Add the Mobile Security App.

Create an Assignment Filter Rule

Create a device filter assignment rule to determine which Android devices the WatchGuard Mobile Security app is pushed to.

To create a device assignment filter rule, in Microsoft Intune:

  1. Log in to Microsoft Intune as an administrator.
  2. From the left navigation pane, select Tenant administration.
    The Tenant admin page opens.
  3. In the search box, type Assignment filters, and select Assignment filters from the list that appears.
    The Assignment filters page opens.
  4. From the Create drop-down list, select Managed devices.
  5. On the Basics page, in the Filter name text box, type a filter name. For example, type Filter rule for Android.
  6. From the Platform drop-down list, select the device platform. For example, select Android Enterprise.
  7. Click Next.
  8. From the Property drop-down list, select the device property you want to filter on. For example, select deviceName (Device name).
  9. From the Operator drop-down list, select a filter operation. For example, select Contains.
  10. In the Value text box, type the property value you want to filter for. For example, type Android Enterprise.
  11. Click Next.
  12. Click Create.
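
An added example, not part of the WatchGuard or Microsoft documentation: a small Python check that evaluates the rule these steps produce, written in Intune's rule syntax as (device.deviceName -contains "Android Enterprise"), against a device list to show which devices an include-filtered assignment would target and which it would skip. The device list is constructed, only single-clause string rules are handled, and case-insensitive comparison is an assumption.

```python
import re

# Rule grammar handled here: (device.<property> -<operator> "<value>")
RULE_RE = re.compile(r'^\(\s*device\.(\w+)\s+-(\w+)\s+"([^"]*)"\s*\)$')

# Operators for string properties; both sides are lowercased before the
# comparison (assumption: Intune compares these strings case-insensitively).
OPERATORS = {
    "eq": lambda actual, value: actual == value,
    "ne": lambda actual, value: actual != value,
    "contains": lambda actual, value: value in actual,
    "notcontains": lambda actual, value: value not in actual,
    "startswith": lambda actual, value: actual.startswith(value),
}

def parse_rule(rule):
    """Split a single-clause filter rule into (property, operator, value)."""
    match = RULE_RE.match(rule.strip())
    if not match:
        raise ValueError(f"unsupported rule syntax: {rule!r}")
    prop, op, value = match.groups()
    if op.lower() not in OPERATORS:
        raise ValueError(f"unsupported operator: -{op}")
    return prop, op.lower(), value

def split_by_filter(rule, devices):
    """Return (included, excluded) device names for an include-mode filter."""
    prop, op, value = parse_rule(rule)
    included, excluded = [], []
    for device in devices:
        actual = str(device.get(prop, ""))
        hit = OPERATORS[op](actual.lower(), value.lower())
        (included if hit else excluded).append(device["deviceName"])
    return included, excluded

# Constructed inventory (not real devices).
SAMPLE_DEVICES = [
    {"deviceName": "Android Enterprise Kiosk 01", "manufacturer": "Google"},
    {"deviceName": "android enterprise scanner", "manufacturer": "Samsung"},
    {"deviceName": "AndroidEnterprise_5/21/2025", "manufacturer": "Google"},
    {"deviceName": "Warehouse tablet 7", "manufacturer": "Lenovo"},
]

# The rule the example values in the steps above produce.
GUIDE_RULE = '(device.deviceName -contains "Android Enterprise")'

if __name__ == "__main__":
    included, excluded = split_by_filter(GUIDE_RULE, SAMPLE_DEVICES)
    print("targeted by the assignment:", included)
    print("skipped by the filter:", excluded)
```

Devices in the second list would not receive the Mobile Security app or its integration URL, so review that list before you rely on a name-based filter.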

Add the Mobile Security App

After you create a filter, add the app to Intune. You can then define the details shown for the app in Company Portal, and configure settings such as device requirements, detection rules, and user assignments.

To add the WatchGuard Mobile Security app, in Microsoft Intune:

  1. Log in to Microsoft Intune as an administrator.
  2. Select Apps > All Apps > Create.
    The Select app type page opens.
  3. From the App type drop-down list, select Managed Google Play app.
  4. Click Select.
    The Managed Google Play page opens.
  5. In the Search text box, type WatchGuard Mobile Security, and press Enter.
  6. Select the WatchGuard Mobile Security app.
  7. In the upper-left corner, click Sync.
    The All Apps page opens.
  8. Wait for 1 to 2 minutes, and then click Refresh.
    The WatchGuard Mobile Security app shows on the page.

To assign the WatchGuard Mobile Security app to select Android devices:

  1. On the All Apps page, select the WatchGuard Mobile Security app to push to registered devices.
    The WatchGuard Mobile Security settings page opens.
  2. Click Properties.
  3. In the Assignment section, click Edit.
    The Edit application page opens.
  4. In the Required section, select Add all devices.
  5. In the Filter column, click None for the Included (All devices) assignment.
    The Assignment filters page opens.
  6. Select Include filtered devices in assignment.
  7. Select the filter rule you created.
  8. Click Select.
  9. Click Review + save.
  10. Click Save.

To assign the integration configuration of the WatchGuard Mobile Security app to devices:

  1. Select Apps > Configuration.
  2. From the Create drop-down list, select Managed devices.
    The Create app configuration policy page opens.
  3. On the Basics page:
    1. In the Name text box, type a descriptive name for the policy. For example, type For Android Devices.
    2. From the Platform drop-down list, select Android Enterprise.
    3. From the Profile Type drop-down list, select a profile type. For example, select All Profile Types.
    4. Click Select app.
      The Associated app list shows on the right. Select the app you want to push.
    5. Click OK.
  4. Click Next.
  5. On the Settings page:
    1. From the Configuration settings format drop-down list, select Use configuration designer.
    2. Under Use the JSON editor to configure the disabled configuration keys, click Add.
      The Configuration key list shows on the right. Select Integration URL and Use automatic name.
    3. Click OK.
    4. In the Configuration value text box of the Integration URL section, paste the integration URL you copied from the email.
  6. Click Next.
  7. On the Assignments page:
    1. In the Included groups section, click Add all devices.
    2. Click Edit filter.
      The Assignment filters page shows on the right. Select Include filtered devices in assignment, and click the filter rule you created.
  8. Click Select.
  9. Click Next.
  10. Click Create.
    It can take several seconds to add the configuration.

Test Integration of Android Devices with Intune

To test the integration, you reset the device and complete the configuration in Intune. You can then view the integrated device in the Endpoint Security management UI.

To test the integration with an Android device, from Microsoft Intune:

  1. Log in to Microsoft Intune.
  2. Select Devices > Android > Enrollment.
  3. In the Enrollment Profiles section, select the profile you created. For example, select Corporate-owned dedicated devices.
    The Corporate-owned dedicated devices page opens.
  4. Click Create Policy.
    The Create profile page opens.
  5. In the Basics section:
    1. In the Name text box, type a descriptive name for the profile. For example, type Enrollment profile.
    2. From the Token type drop-down list, select Corporate-owned dedicated device (default).
    3. In the Token expiration date schedule table, select the expiration date.
  6. Click Next.
  7. In the Device group section, keep all the default settings. Click Next.
  8. Click Create.
  9. Select the policy you created.
    The Policy page opens.
  10. Select Token > Show token.
    The token and QR code show.
  11. Factory-reset the Android device.
  12. Connect the device to a network that can access Google. On the Google Sign-In Screen, type afw#setup.
  13. Scan the QR code with your device.
    Wait for several minutes. The device registers with Intune. When enrollment is complete, the device has three apps installed: Intune, Company Portal, and the WatchGuard Mobile Security app.
  14. Open the WatchGuard Mobile Security app on the device. Follow the prompts to complete the configuration.

To test the integration, from the Endpoint Security management UI:

  1. Log in to WatchGuard Cloud with your WatchGuard Cloud operator account credentials.
    If you log in with a Service Provider account, you must select a Subscriber account from Account Manager.
  2. Select Monitor > Endpoint Security.
  3. Select the device you configured in the Configure Microsoft Intune section.
    You should be able to view the device details of the Android device.

You can also review some device details in WatchGuard Cloud for endpoints with the WatchGuard Agent installed. Select Monitor > Endpoints, and then select the Android device from the list of endpoints.

Related Topics

Microsoft Intune (external link)

Install the WatchGuard Mobile App on Android Devices