Configuring the Harmony Mobile Administrator Portal UEM Integration Settings

The following section includes all the configuration steps in the Harmony Mobile Administrator Portal that enable the integration with Microsoft Intune UEM (Unified Endpoint Management: an architecture and approach that controls different types of devices, such as computers, smartphones and IoT devices, from a centralized command point).

Note - For the settings required in the Microsoft Intune portal, see Preparing UEM Platform for Integration.

Prerequisites

You need these details from your Microsoft Intune deployment:

  • Server: The URL of your Microsoft Intune system. Usually, it is the same as the Microsoft Intune Console.

  • User name and Password: Credentials that the Harmony Mobile dashboard uses to connect to the Microsoft Intune UEM. See Creating Administrator Account for Integration with the Harmony Mobile.

  • Security Group(s): The Microsoft Entra ID (formerly Azure AD) mobile device / Microsoft Intune user groups to which the devices are registered and then integrated with the Harmony Mobile Administrator Portal. You can integrate several groups in the same Harmony Mobile dashboard instance. Separate each group name with a semicolon (;). See Creating a User Group for Harmony Mobile.

Note - If you are integrating with a single UEM solution, it is recommended that you delete any existing devices before you start configuring the integration in Harmony Mobile Administrator Portal.

Configuring UEM Integration Settings

00:00: This is the third and final part of the video series on how to apply Mobile Application Management Policy from Microsoft Intune to iOS devices in your organization. This policy forces users to download the Harmony Mobile Protect App if they want to use other apps, for example, Microsoft Teams. This video shows how to integrate Microsoft Intune UEM in the Harmony Mobile Administrator Portal. As a prerequisite, make sure you have watched the part 1 and part 2 videos in the series.

00:32: Log in to Check Point Infinity Portal and access Harmony Mobile. Go to Settings and Integrations. Click the + sign on the widget and select UEMs.

00:41: Select Intune and click Next.

00:44: Enter a name for the integration.

00:47: Click the first Add to my organization button to sign in to Microsoft Azure.

00:52: Sign in with your Microsoft Azure credentials.

00:55: Review the permissions and click Accept.

00:58: Repeat the steps to grant permissions for iOS and Android.

01:02: Click Verify and then click Next.

01:05: In the Synchronization section, select the Microsoft Intune security groups that you want to synchronize with Harmony Mobile.

01:13: Under MAM Groups, select the Microsoft Intune groups you want to apply the Mobile Application Management policy.

01:20: Click Verify and then click Next.

01:23: In the Deployment screen, select Automatic integration and click Deploy Now.

01:28: When the integration is complete, click Finish.

01:31: Your Microsoft Intune MAM policy integration is complete now.

01:35: This concludes the three-part video series. Thank you for watching the video.

  1. Log in to Check Point Infinity Portal and access the Harmony Mobile Administrator Portal.

  2. Go to Settings > Integrations.

  3. To create a new integration, click +Add > UEMs.

  4. From the UEMs list, select Intune and click Next.

    The Intune integration wizard appears.

  5. Configure the settings for your Microsoft Intune deployment:

    1. Server Details

    2. Synchronization

    3. Deployment

Configuring Server Details

In the Server Details section:

  1. In the Display Name field, enter a name for your service.

  2. Click Add to my organization Microsoft Intune, log in with the Admin credentials you created for the Harmony Mobile integration, and click Accept to add Harmony Mobile to your organization.

  3. Click Add to my organization iOS devices, log in with the Admin credentials you created for the Harmony Mobile integration, and click Accept to add Harmony Mobile to your organization.

  4. Click Add to my organization Android devices, log in with the Admin credentials you created for the Harmony Mobile integration, and click Accept to add Harmony Mobile to your organization.

  5. Click Verify and then click Next.

Configuring Synchronization

Configure the devices and security groups in Microsoft Intune that you want to synchronize with the Harmony Mobile dashboard. The system automatically populates the drop-down list.

Mobile Application Management (MAM) & Mobile Threat Defense (MTD) Integration

  1. In the Group(s) field, select the groups you want to integrate with Harmony Mobile.

  2. In the Android Enterprise Groups field:

    If you use Android Enterprise and have two different profiles in your devices, select the groups for two deployed applications as part of the Microsoft Intune Android Enterprise deployment. See Using Android Enterprise with Harmony Mobile.

    Note that this step is relevant if your devices are fully managed on Microsoft Intune with two profiles - work and personal.

  3. If you are using MAM, select the user group that includes the Microsoft Intune MAM users.

  4. In the Advanced section:

    1. You can limit which PII of the devices (users) is imported to Harmony Mobile.

      Note - If all entries are OFF, the placeholder information set for the email address is placed in the Device Owner's Email, in the form of "UEMDevice UDID@vendor.UEM".

    2. In the Interval Configuration section, set the time intervals to synchronize with the Microsoft Intune UEM.

      Setting | Description | Values
      --- | --- | ---
      Device sync interval | Interval to connect with UEM to sync devices. | 10-1440 minutes, in 10 minute intervals.
      Device deletion threshold | Percentage of devices allowed for deletion after UEM device sync (in %). | 0-100%; use 100% for no threshold *
      Deletion delay after | Delays device deletion: a device is deleted only after this number of sync tries have confirmed the deletion. | 1-100 sync tries.
      App sync interval | Interval to connect with UEM to sync applications. | 10-1440 minutes, in 10 minute intervals.

      * The 100% value is recommended for evaluation/test usage, when you are adding a small number of devices.

  5. Click Verify and then click Next.
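The two deletion safeguards in the Interval Configuration table can be modelled as follows. This is an added example, not Check Point code: the class and method names, and the rules that a blocked sync deletes nothing and that a device which reappears loses its counter, are assumptions made for illustration.

```python
# Illustrative model (an assumption, not the product's implementation) of the
# "Device deletion threshold" and "Deletion delay after" settings.
from dataclasses import dataclass, field


@dataclass
class SyncState:
    devices: set                  # devices currently in the dashboard
    threshold_pct: int = 20       # Device deletion threshold (0-100 %)
    delay_tries: int = 3          # Deletion delay after (1-100 sync tries)
    missing: dict = field(default_factory=dict)  # device -> consecutive misses

    def __post_init__(self):
        if not 0 <= self.threshold_pct <= 100:
            raise ValueError("threshold must be 0-100 %")
        if not 1 <= self.delay_tries <= 100:
            raise ValueError("deletion delay must be 1-100 sync tries")

    def sync(self, uem_devices):
        """Apply one device sync and return (deleted, blocked)."""
        uem_devices = set(uem_devices)
        self.devices |= uem_devices              # new devices are always added
        absent = self.devices - uem_devices
        # A device that reappears loses its pending-deletion counter.
        self.missing = {d: n for d, n in self.missing.items() if d in absent}
        # Safeguard: too large a share missing at once looks like an emptied
        # group or a failed sync, so nothing is deleted in this cycle.
        if len(absent) * 100 > self.threshold_pct * len(self.devices):
            return set(), True
        deleted = set()
        for d in absent:
            self.missing[d] = self.missing.get(d, 0) + 1
            if self.missing[d] >= self.delay_tries:  # confirmed often enough
                deleted.add(d)
        self.devices -= deleted
        for d in deleted:
            del self.missing[d]
        return deleted, False
```

With a threshold of 100 the share check can never trigger, which matches "use 100% for no threshold"; a low threshold keeps an emptied security group from silently removing protected devices from the dashboard.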

Configuring Deployment

In the Deployment screen, select the integration method.

Automatic Integration

In automatic or one-click integration, Harmony Mobile performs these actions automatically on the Microsoft Intune portal:

  • Adds the Harmony Mobile Protect App to the App Catalog.

  • Creates the Application Configuration Settings.

  • Assigns the Harmony Mobile security groups to the App Catalog.

  • Creates the security groups for zero-touch deployment.

  • Creates and assigns profiles for zero-touch deployment.

Prerequisite

Make sure you have enabled the API permissions in Appendix B - Microsoft Intune API Permissions.

To enable automatic integration:

  1. In the Deployment screen, click Automatic integration.

  2. Click Deploy Now.

    When the integration is complete, the Integration was successfully completed message appears and the status appears in green.

  3. In the Advanced section:

    1. To add the device to the Harmony Mobile dashboard without waiting for the complete sync between Microsoft Intune and the dashboard, select Allow auto device addition prior to device sync. This creates the device in the Harmony Mobile dashboard.

    2. To generate a random registration code for each device, select the Random registration code per device checkbox.

    3. Select the method to notify the user when the device is ready to register:

      • Email

      • SMS

      When the UEM configuration is complete, it notifies the end-user to download and install the Harmony Mobile Protect App.

  4. Click Finish.

    When the integration is complete, the Intune UEM pane appears in the Integrations screen.

    Note - If you remove the automatic integration instance from the Harmony Mobile Administrator Portal, the system removes all the automatic deployment configurations, including the App config settings, unless an exception occurs during removal.

  5. To view or edit the integration settings, go to Managing the UEM Settings.

    Otherwise, continue with Enabling the MTD Connector in Microsoft Intune Portal.

Manual Integration

To enable Manual Integration:

  1. In the Deployment screen, click Manual integration.

    The system generates a unique token which is the hashed unique identifier of your dashboard. It tells the device to which dashboard it needs to register during the UEM configuration.

    Note - Click the copy to clipboard button to set the token value when you do application configuration in the UEM. See Configuring the Application Configuration Settings.

  2. In the Advanced section:

    1. To add the device to the Harmony Mobile dashboard without waiting for the complete sync between Microsoft Intune and the dashboard, select Allow auto device addition prior to device sync. This creates the device in the Harmony Mobile dashboard.

    2. To generate a random registration code for each device, select the Random registration code per device checkbox.

    3. Select the method to notify the user when the device is ready to register:

      • Email

      • SMS

      When the UEM configuration is complete, it notifies the end-user to download and install the Harmony Mobile Protect App.

  3. Click Finish.

    When the integration is complete, the Intune UEM pane appears in the Integrations screen.

Managing the UEM Settings

  1. To view the integrated UEM settings, select the UEM pane and click the i icon.

    It shows:

    • Server Status - The latest UEM server configuration status.

    • Device Sync Status - The synchronized groups and the device sync status time stamp.

    • App Sync Status - The last time applications were fetched from the UEM (Applicable for iOS deployment only).

    • Deployment Status - Deployment Configuration and Deployment Status.

  2. To manage the UEM settings, click in the UEM pane.

    1. To edit the UEM settings, click Edit.

    2. To force an immediate device sync call without waiting for the next auto sync cycle, click Sync Now.

    3. To temporarily stop or resume the device sync process, click Pause.

    4. To remove the integration settings, click Remove.

Enabling the MTD Connector in Microsoft Intune Portal

In this step, you configure the Check Point Mobile Threat Defense connector in Microsoft Intune. For more information, see MTD connector guide.

  1. If you are using the Microsoft Endpoint Manager Admin Center, select Tenant administration > Connectors and tokens > Mobile Threat Defense.

  2. Alternatively, if you are using the Microsoft Intune Portal, select Device Compliance > Mobile Threat Defense.

  3. On the Mobile Threat Defense pane, select Add.

  4. From the list, select the connector Check Point Harmony Mobile.

  5. Make sure it is configured to connect Android devices and iOS devices, and enable app sync for iOS.

  6. Click Save.
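The connector settings from step 5 can also be checked through Microsoft Graph. The following is an added example, not part of the original guide: it audits one object from GET /deviceManagement/mobileThreatDefenseConnectors. The sample response is constructed, the connector id is a placeholder, and both the mapping of "app sync for iOS" to allowPartnerToCollectIOSApplicationMetadata and the one-day heartbeat limit are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph reply to
# GET /deviceManagement/mobileThreatDefenseConnectors (the id is a placeholder).
SAMPLE = json.loads("""
{"value": [{
  "id": "<check-point-connector-id>",
  "partnerState": "enabled",
  "androidEnabled": true,
  "iosEnabled": false,
  "allowPartnerToCollectIOSApplicationMetadata": false,
  "lastHeartbeatDateTime": "2024-05-01T08:00:00Z"
}]}
""")


def audit_connector(conn, now, max_silence=timedelta(days=1)):
    """Return a list of findings for one mobileThreatDefenseConnector object."""
    findings = []
    state = conn.get("partnerState")
    if state != "enabled":
        findings.append(f"partnerState is {state!r}, expected 'enabled'")
    for prop, problem in (
        ("androidEnabled", "Android devices are not connected"),
        ("iosEnabled", "iOS devices are not connected"),
        ("allowPartnerToCollectIOSApplicationMetadata", "app sync for iOS is off"),
    ):
        if conn.get(prop) is not True:       # missing counts as not enabled
            findings.append(problem)
    beat = conn.get("lastHeartbeatDateTime")
    if beat is None:
        findings.append("no heartbeat recorded")
    else:
        seen = datetime.fromisoformat(beat.replace("Z", "+00:00"))
        if now - seen > max_silence:         # assumed staleness limit
            findings.append(f"last heartbeat {beat} is older than {max_silence}")
    return findings


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for finding in audit_connector(SAMPLE["value"][0], now):
        print("FINDING:", finding)
```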