Configuring the Mobile Security Administrator Portal UEM Integration Settings

The following section includes all the configuration steps in the Mobile Security Administrator Portal that are necessary to enable the integration with Microsoft Intune UEM (Unified Endpoint Management: an architecture and approach that controls different types of devices, such as computers, smartphones and IoT devices, from a centralized command point).

Note - For the settings required in the Microsoft Intune portal, see Preparing UEM Platform for Integration.

Prerequisites

You need these details from your Microsoft Intune deployment:

  • Server: The URL of your Microsoft Intune system. Usually, it is the same as the Microsoft Intune Console.

  • User name and Password: Credentials that the Mobile Security dashboard uses to connect to the Microsoft Intune UEM. See Creating Administrator Account for Integration with the Mobile Security.

  • Security Group(s): The Microsoft Entra ID (formerly Azure AD) mobile device / Microsoft Intune user groups to which the devices are registered and then integrated with the Mobile Security Administrator Portal. You can integrate several groups in the same Mobile Security dashboard instance. Separate each group name with a semicolon (;). See Creating a User Group for Mobile Security.

Note - If you are integrating with a single UEM solution, it is recommended that you delete any existing devices before you start configuring the integration in Mobile Security Administrator Portal.

Configuring UEM Integration Settings

00:00: Microsoft Intune is a cloud-based service for mobile device management.

00:03: This video shows how to integrate Microsoft Intune in the Mobile Security

00:08: Administrator Portal, (formerly Harmony Mobile). As a prerequisite,

00:12: make sure you have configured users and devices in the Microsoft Intune Admin Center.

00:19: Log in to Check Point Portal and access Mobile Security. Go to Settings

00:23: and

00:24: Integrations. Click the + sign on the widget and select UEMs.

00:28: Select Intune and click Next.

00:31: Enter a name for the integration.

00:34: Click the first Add to my organization button to sign in to Microsoft Azure.

00:39: Sign in with your Microsoft Azure credentials. Make sure you have the Global Administrator role in the Microsoft Intune portal.

00:47: Review the permissions and click Accept.

00:50: Repeat the steps to grant permissions for iOS and Android.

00:54: Click Verify and then click Next.

00:57: In the Synchronization section, Groups field, select the groups you want to integrate

01:01: with Mobile Security.

01:02: If you use Android Enterprise, select the relevant groups.

01:06: If you use Mobile Application Management, select the MAM user groups.

01:11: In the Advanced section, select the Personally Identifiable Information to import and the interval configuration.

01:19: Click Verify and then Next.

01:22: In the Deployment section, select Automatic integration and then click Deploy Now.

01:27: After the integration is completed, click Finish.

01:30: The Intune UEM pane appears on the Integrations page. Your Microsoft Intune integration is complete now.

01:37: Thank you for watching the video.

  1. Log in to Check Point Portal and access the Mobile Security Administrator Portal.

  2. Go to Settings > Integrations.

  3. To create a new integration, click +Add > UEMs.

  4. From the UEMs list, select Intune and click Next.

    The Intune integration wizard appears.

  5. Configure the settings for your Microsoft Intune deployment:

    1. Server Details

    2. Synchronization

    3. Deployment

Configuring Server Details

In the Server Details section:

  1. In the Display Name field, enter a name for your service.

  2. Click Add to my organization for Microsoft Intune, log in with the Admin credentials you created for the Mobile Security integration, and accept the request to add Mobile Security to your organization.

  3. Click Add to my organization for iOS devices, log in with the Admin credentials you created for the Mobile Security integration, and accept the request to add Mobile Security to your organization.

  4. Click Add to my organization for Android devices, log in with the Admin credentials you created for the Mobile Security integration, and accept the request to add Mobile Security to your organization.

  5. Click Verify and Next.

Configuring Synchronization

Configure the devices and security groups in Microsoft Intune that you want to synchronize with Mobile Security dashboard. The system automatically populates the drop-down list.

Mobile Application Management (MAM) & Mobile Threat Defense (MTD) Integration

  1. In the Group(s) field, select the groups you want to integrate with Mobile Security.

  2. In the Android Enterprise Groups field:

    If you use Android Enterprise and have two different profiles in your devices, select the groups for two deployed applications as part of the Microsoft Intune Android Enterprise deployment. See Using Android Enterprise with Mobile Security.

    Note that this step is relevant if your devices are fully managed on Microsoft Intune with two profiles - work and personal.

  3. If you are using MAM, select the user group that includes the Microsoft Intune MAM users.

  4. In the Advanced section:

    1. You can limit the Personally Identifiable Information (PII) of devices (users) that is imported to Mobile Security.

      Note - If all entries are OFF, placeholder information is set for the email address and placed in the Device Owner's Email, in the form of "UEMDevice UDID@vendor.UEM".

    2. In the Interval Configuration section, set the time intervals to synchronize with the Microsoft Intune UEM.

      | Setting | Description | Values |
      |---|---|---|
      | Device sync interval | Interval to connect with UEM to sync devices. | 10-1440 minutes, in 10 minute intervals. |
      | Device deletion threshold | Percentage of devices allowed for deletion after UEM device sync (in %). | 0-100% (see the note below). |
      | Device deletion after | Delays device deletion for several sync attempts: the device is deleted after this number of sync tries have confirmed the deletion. | 1-100 sync tries. |
      | App sync interval | Interval to connect with UEM to sync applications. | 10-1440 minutes, in 10 minute intervals. |

      Note (Device deletion threshold) - Use 100% for no threshold.

      100% value is recommended for:

      • Evaluation/test usage - When you are adding a small number of devices.

      • Planned bulk deletion of devices from the UEM (see sk184319). After the devices are deleted from the Mobile Security Admin Portal, set it back to a safer value (such as 5–10%) to prevent accidental mass deletions in the future.

  5. Click Verify and Next.
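
How the two deletion safeguards in the Interval Configuration section can interact, as an added Python example that is not Check Point code or part of the original guide. It assumes that a sync in which the share of missing devices exceeds the threshold deletes nothing, and that "Device deletion after" counts consecutive confirming syncs per device; all class and function names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class SyncSettings:
    sync_interval_min: int       # "Device sync interval": 10-1440, steps of 10
    deletion_threshold_pct: int  # "Device deletion threshold": 0-100, 100 = no threshold
    deletion_after_tries: int    # "Device deletion after": 1-100 sync tries

    def errors(self) -> list[str]:
        out = []
        if not 10 <= self.sync_interval_min <= 1440 or self.sync_interval_min % 10:
            out.append("sync interval must be 10-1440 minutes in steps of 10")
        if not 0 <= self.deletion_threshold_pct <= 100:
            out.append("deletion threshold must be 0-100%")
        if not 1 <= self.deletion_after_tries <= 100:
            out.append("deletion-after must be 1-100 sync tries")
        return out

@dataclass
class Dashboard:
    settings: SyncSettings
    devices: set[str]
    missing_streak: dict[str, int] = field(default_factory=dict)

    def sync(self, uem_devices: set[str]) -> dict:
        """Apply one sync result and report what was deleted or blocked."""
        missing = self.devices - uem_devices
        # A device that reappears in the UEM loses its confirmation streak.
        self.missing_streak = {d: n for d, n in self.missing_streak.items() if d in missing}
        pct = 100 * len(missing) / len(self.devices) if self.devices else 0.0
        s = self.settings
        if s.deletion_threshold_pct < 100 and pct > s.deletion_threshold_pct:
            # Assumed behaviour: too many deletions at once, so delete nothing this cycle.
            return {"missing_pct": pct, "blocked": True, "deleted": set()}
        for d in missing:
            self.missing_streak[d] = self.missing_streak.get(d, 0) + 1
        deleted = {d for d, n in self.missing_streak.items() if n >= s.deletion_after_tries}
        self.devices -= deleted
        for d in deleted:
            del self.missing_streak[d]
        return {"missing_pct": pct, "blocked": False, "deleted": deleted}

def demo() -> list[dict]:
    # Constructed inventory of 20 devices; threshold 10%, delete after 2 confirming syncs.
    fleet = {f"dev{i:02d}" for i in range(20)}
    dash = Dashboard(SyncSettings(60, 10, 2), set(fleet))
    one_gone = fleet - {"dev00"}     # 5% missing: under the threshold
    group_lost = {"dev01", "dev02"}  # constructed case: most devices vanish from the sync
    return [dash.sync(one_gone), dash.sync(one_gone), dash.sync(group_lost)]
```

In the constructed run, the single missing device is deleted only on the second confirming sync, while the sync that loses most of the fleet is blocked by the 10% threshold.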

Configuring Deployment

In the Deployment screen, select the integration method.

Automatic Integration

In automatic or one-click integration, Mobile Security performs these actions automatically on the Microsoft Intune portal:

  • Adds the Harmony Mobile Protect app to the App Catalog.

  • Creates the Application Configuration Settings.

  • Assigns the Mobile Security security groups to the App Catalog.

  • Creates the security groups for zero-touch deployment.

  • Creates and assigns profiles for zero-touch deployment.

Prerequisite

Make sure you have enabled the API permissions in Appendix B - Microsoft Intune API Permissions.

To enable automatic integration:

  1. In the Deployment screen, click Automatic integration.

  2. Click Deploy Now.

    When the integration is complete, the Integration was successfully completed message appears and the status appears in green.

  3. In the Advanced section:

    1. To add the device to the Mobile Security dashboard without waiting for the complete sync between Microsoft Intune and the dashboard, select Allow auto device addition prior to device sync. This creates the device in the Mobile Security dashboard.

    2. To generate a random registration code for each device, select the Random registration code per device checkbox.

    3. Select the method to notify the user when the device is ready to register:

      • Email

      • SMS

      When the UEM configuration is complete, it notifies the end-user to download and install the Harmony Mobile Protect app.

  4. Click Finish.

    When the integration is complete, the Intune UEM pane appears in the Integrations screen.

    Note - If you remove the automatic integration instance from the Mobile Security Administrator Portal, the system removes all the automatic deployment configurations, including the App config settings, unless an exception occurs during removal.

  5. To view or edit the integration settings, go to Managing the UEM Settings.

    Otherwise, continue with Enabling the MTD Connector in Microsoft Intune Portal.

Manual Integration

To enable Manual Integration:

  1. In the Deployment screen, click Manual integration.

    The system generates a unique token, which is the hashed unique identifier of your dashboard. It tells the device to which dashboard it needs to register during the UEM configuration.

    Note - Click the copy to clipboard button to copy the token value, which you set when you do application configuration in the UEM. See Configuring the Application Configuration Settings.

  2. In the Advanced section:

    1. To add the device to the Mobile Security dashboard without waiting for the complete sync between Microsoft Intune and the dashboard, select Allow auto device addition prior to device sync. This creates the device in the Mobile Security dashboard.

    2. To generate a random registration code for each device, select the Random registration code per device checkbox.

    3. Select the method to notify the user when the device is ready to register:

      • Email

      • SMS

      When the UEM configuration is complete, it notifies the end-user to download and install the Harmony Mobile Protect app.

  3. Click Finish.

    When the integration is complete, the Intune UEM pane appears in the Integrations screen.

Managing the UEM Settings

  1. To view the integrated UEM settings, select the UEM pane and click the i icon.

    It shows:

    • Server Status - The latest UEM server configuration status.

    • Device Sync Status - The synchronized groups and the device sync status time stamp.

    • App Sync Status - The last time applications were fetched from the UEM (Applicable for iOS deployment only).

    • Deployment Status - Deployment Configuration and Deployment Status.

  2. To manage the UEM settings, click in the UEM pane.

    1. To edit the UEM settings, click Edit.

    2. To force an immediate device sync without waiting for the next auto sync cycle, click Sync Now.

    3. To temporarily stop or resume the device sync process, click Pause or Resume.

    4. To remove the integration settings, click Remove.

Enabling the MTD Connector in Microsoft Intune Portal

In this step, you configure the Check Point Mobile Threat Defense connector in Microsoft Intune. For more information, see MTD connector guide.

  1. In the Microsoft Intune Admin Center, go to Tenant administration > Connectors and tokens > Mobile Threat Defense.

  2. On the Mobile Threat Defense pane, click Create.

  3. From the list, select Check Point Harmony Mobile.

  4. Make sure it is configured to connect Android devices, iOS Devices and enable app sync for iOS as shown below:

  5. Click Save.