Integration with Microsoft Intune

Preparing UEM Platform for Integration

Prerequisites

The Mobile Security service integrates with Microsoft Intune through the Azure Portal.

To enable integration:

  1. Configure Microsoft Intune for UEM Authority. UEM (Unified Endpoint Management) is an architecture and approach that controls different types of devices, such as computers, smartphones and IoT devices, from a centralized command point. For more information, see Android device enrollment guide for Microsoft Intune | Microsoft Learn.

  2. Configure Microsoft Intune with an Apple Push Certificate (APNS). For more information, see iOS/iPadOS device enrollment guide for Microsoft Intune | Microsoft Learn.

  3. Make sure you have a valid Microsoft license that allows the integration with Mobile Security. The following components should be included in the Microsoft license:

    • Conditional Access

    • Microsoft Intune Plan 1

    • Microsoft Entra ID P1

    Check Point recommends Enterprise Security (EMS) E3 or E5 license.

Best Practice - For integration with Check Point Mobile Security, use Security groups to set up the same UEM hierarchy as in your organization's internal hierarchy, or set up groups based on Microsoft Intune features and content.

High-Level Workflow

00:00: Microsoft Intune is a cloud-based service for mobile device management. This video shows how to create a security group, a user and enroll an iOS device in the Microsoft Intune Admin Center.

00:13: Access the Microsoft Intune admin center. Go to Groups, All Groups and click New group.

00:18: Enter the group details as shown and click Create.

00:21: In the Groups page, locate and click the Security Group you just created.

00:26: To assign user licenses to the Security Group, navigate to Licenses. Go to Licenses section in Microsoft 365 Admin Center. See the link on the top-right corner.

00:37: Select the Enterprise Mobility + Security E5 license.

00:42: Go to the Groups tab and click Assign licenses. On the right panel, select the security group you created and click Assign licenses.

00:50: To create a new user in the Intune Admin center, go to Users and then click New User and then select Create new user.

00:57: In the Basics tab, enter the user details and click Next.

01:01: Skip the Properties tab and click Next.

01:04: In the Assignments tab, click Add group and select your Security group. Click Select.

01:09: Click Review + Create and then click Create.

01:13: Now, create a user with Global Administrator role to grant permissions during the integration in the Harmony Mobile Administrator Portal.

01:21: Follow steps 7 to 11 to create a new user. In the Assignments tab, click Add role and select Global Administrator under Directory roles and click Select.

01:32: Click Review + create.

01:35: Review the user details and click Create.

01:38: Now, to enroll the iOS device for this user, install the Microsoft Authenticator App on the user's mobile device with the user credentials that you just created.

01:49: After you install the Microsoft Authenticator app on the device, in the Microsoft Intune Admin Center, go to Devices and iOS/iPadOS devices, and make sure the device you enrolled is listed.

02:03: Note that it could take a while to list the device. If the device is not listed, enable the Microsoft Teams Exploratory license for your group. For more information, see steps 4 and 5 in this video. Now install the Microsoft Teams app on the device with the user credentials and repeat this step.

02:24: Thank you for watching the video.

  1. Create Security Group(s) for the Mobile Security users to organize users and devices and connect them to Mobile Security. See Creating a User Group for Mobile Security.

  2. Assign Microsoft Intune licenses for the Mobile Security users to enroll the devices in Microsoft Intune. See Adding User Licenses to the Security Group.

  3. Add the Mobile Security users to Microsoft Intune. See Adding Users to the Security Group.

  4. Enroll devices to Microsoft Intune. See Enrolling Devices to Microsoft Intune.

  5. Create an Administrator account for integration between the Mobile Security and Microsoft Intune. See Creating Administrator Account for Integration with the Mobile Security.

  6. Configure the UEM to deploy the Harmony Mobile Protect app. See Configuring UEM to Deploy the Harmony Mobile Protect app.

Creating a User Group for Mobile Security

To deploy the Mobile Security policies, configurations, apps, and more in Microsoft Intune, you must create special Security Group(s) for the Mobile Security users and add these users to the Mobile Security Dashboard.

Creating Security Group for your Devices

  1. In the Microsoft Intune Admin Center, go to Groups > All groups and click New Group.

  2. In the New Group window, enter these:

    • Select Group type as Security.

    • In the Group name field, enter a name for the group. For example, Harmony_Users.

    • Select Membership type as Assigned.

  3. Click Create.

For more information, see the Microsoft Intune online guide.

Adding User Licenses to the Security Group

  1. In the Microsoft Intune Admin Center, go to the group created in the previous step:

    Groups > All groups > Harmony_Users.

  2. Click Licenses.

  3. Go to Licenses section in Microsoft 365 Admin Center.

  4. Select the Enterprise Mobility + Security E5 license.

  5. Go to the Groups tab and click Assign licenses.

  6. On the right panel, select the security group you created and click Assign licenses.

Adding Users to the Security Group

  1. In the Microsoft Intune Admin Center, go to Users > All users. Click + New User > Create new user.

  2. In the Create new user window, enter these:

    1. User principal name - An email address (for example, harmony_user@checkpointtrial.onmicrosoft.com)

    2. Display name - Name to display.

    3. Password - Password for the user.

  3. Go to the Assignments tab and click + Add group.

  4. Select the security group you created.

  5. Click Review + Create.

  6. Click Create.

Note - Repeat these steps to add additional users.

For more information, see the Microsoft Intune online guide.
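
The three procedures above (security group, group license, user) can also be scripted. The following is an added example using the Microsoft Graph PowerShell SDK, not code from Check Point or Microsoft. The UPN domain is a placeholder, and the mapping of the SKU part number `EMSPREMIUM` to Enterprise Mobility + Security E5 is an assumption to verify with `Get-MgSubscribedSku` in your tenant.

```powershell
# Added example, not vendor code. Requires the Microsoft.Graph PowerShell SDK
# and PowerShell 7.1+ (for Read-Host -MaskInput).
Connect-MgGraph -Scopes 'Group.ReadWrite.All','User.ReadWrite.All','Organization.Read.All'

$groupName = 'Harmony_Users'                  # example group name used on this page
$upn       = 'harmony_user@contoso.example'   # placeholder UPN (assumption)

# 1. Security group with Assigned membership: security-enabled, not mail-enabled,
#    and no GroupTypes value (so it is neither dynamic nor a Microsoft 365 group).
$group = Get-MgGroup -Filter "displayName eq '$groupName'" | Select-Object -First 1
if (-not $group) {
    $group = New-MgGroup -DisplayName $groupName -MailNickname $groupName `
                         -MailEnabled:$false -SecurityEnabled
}

# 2. Group-based license. Assumption: EMSPREMIUM is the part number of the E5 SKU.
$sku = Get-MgSubscribedSku -All | Where-Object SkuPartNumber -eq 'EMSPREMIUM'
if (-not $sku) { throw 'No Enterprise Mobility + Security E5 subscription found in this tenant.' }
$current = (Get-MgGroup -GroupId $group.Id -Property AssignedLicenses).AssignedLicenses
if ($current.SkuId -notcontains $sku.SkuId) {
    Set-MgGroupLicense -GroupId $group.Id `
        -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @()
}

# 3. User with a one-time password that must be changed at first sign-in.
$user = Get-MgUser -Filter "userPrincipalName eq '$upn'" | Select-Object -First 1
if (-not $user) {
    $passwordProfile = @{
        Password                      = Read-Host 'Initial password' -MaskInput
        ForceChangePasswordNextSignIn = $true
    }
    $user = New-MgUser -UserPrincipalName $upn -DisplayName 'Harmony User' `
                       -MailNickname ($upn -split '@')[0] -AccountEnabled `
                       -PasswordProfile $passwordProfile
}

# 4. Add the user to the group only if not already a member (a duplicate add fails).
$isMember = Get-MgGroupMember -GroupId $group.Id -All | Where-Object Id -eq $user.Id
if (-not $isMember) {
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id
}
```

Each step checks for an existing object first, so the script can be rerun when adding more users by changing only `$upn`.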

Enrolling Devices to Microsoft Intune

To manage your devices and apps and their access to your company data, you must enroll them in the Microsoft Intune service.

For more information, see the Microsoft Intune online guide.

Creating Administrator Account for Integration with the Mobile Security

To create an Administrator Account for Mobile Security:

  1. In the Microsoft Intune Admin Center, go to Users > All users.

  2. Click + New User > Create new user.

  3. In the Create new user window, enter these:

    1. User principal name - An email address (for example, harmony_admin@checkpointtrial.onmicrosoft.com)

    2. Display name - Name to display.

    3. Password - Password for the administrator user.

  4. Go to the Assignments tab and click + Add role.

  5. Select Global Administrator role in the right pane.

    Note - We recommend that you assign the Global Administrator role to this account. This role is required to grant the required permissions for these apps, which are created on Azure through APIs after the integration is set:

    • Mobile Security Enterprise App

    • Mobile Security – Android

    • Mobile Security – iOS

    After the permissions are granted, you may remove the Global Administrator role from the account.

    You can also complete the integration with Privileged Role Administrator. For more information, see the Microsoft Intune online guide.

  6. Click Review + Create.

  7. Click Create.
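
The note in step 5 says the Global Administrator role is only needed until permissions are granted to the three apps. The script below is an added example (Microsoft Graph PowerShell SDK, not Check Point's or Microsoft's code) that reports whether the integration account still holds the role and removes it on request. The UPN is a placeholder, and it is an assumption that the apps appear in the tenant as service principals whose display names start with "Mobile Security".

```powershell
# Added example, not vendor code. Requires the Microsoft.Graph PowerShell SDK.
param(
    [string]$AdminUpn = 'harmony_admin@contoso.example',  # placeholder UPN (assumption)
    [switch]$Remove                                       # without it the script only reports
)
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory','User.Read.All','Application.Read.All'

# Built-in roles use their well-known template ID as the role definition ID.
$globalAdminId = '62e90394-69f5-4237-9190-012177145e10'   # Global Administrator

# Assumption: the three apps listed on this page show up as service principals
# whose display name starts with "Mobile Security".
$apps = @(Get-MgServicePrincipal -Filter "startswith(displayName,'Mobile Security')" -All)
$apps | Select-Object DisplayName, AppId, Id | Format-Table

# Active (direct) role assignments of the integration account.
# Eligible-only assignments made through PIM are not returned by this call.
$admin       = Get-MgUser -UserId $AdminUpn
$assignments = Get-MgRoleManagementDirectoryRoleAssignment `
                   -Filter "principalId eq '$($admin.Id)'" -All
$ga = @($assignments | Where-Object RoleDefinitionId -eq $globalAdminId)

if ($ga.Count -eq 0) {
    Write-Output "$AdminUpn holds no active Global Administrator assignment."
    return
}
if ($apps.Count -lt 3) {
    # Integration has probably not created all apps yet; the role is still needed.
    Write-Warning "Found $($apps.Count) of 3 expected apps; leaving the role in place."
    return
}
if ($Remove) {
    foreach ($a in $ga) {
        Remove-MgRoleManagementDirectoryRoleAssignment -UnifiedRoleAssignmentId $a.Id
        Write-Output "Removed Global Administrator assignment $($a.Id) from $AdminUpn."
    }
} else {
    Write-Warning "$AdminUpn is still Global Administrator. Rerun with -Remove once permissions are granted."
}
```

Run it without `-Remove` first and confirm in the Harmony Mobile Administrator Portal that the integration works before removing the role.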