Integration with Microsoft Intune

Preparing UEM Platform for Integration

Prerequisites

Harmony Mobile service integrates with Microsoft Intune through Azure Portal.

To enable integration:

  1. Configure Microsoft Intune for UEMClosed Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point. Authority. For more information, see Android device enrollment guide for Microsoft Intune | Microsoft Learn.

  2. Configure Microsoft Intune with an Apple Push Certificate (APNS). For more information, see iOS/iPadOS device enrollment guide for Microsoft Intune | Microsoft Learn.

Microsoft Intune Console view:

Best Practice - For integration with the Check Point Harmony Mobile, use Security groups to set up the same UEM hierarchy as in your organization's internal hierarchy, or set up groups based on Microsoft Intune features and content.

General Workflow

  1. Create Security Group(s) for the Harmony Mobile users to organize users and devices and connect them to Harmony Mobile. See Creating a User Group for Harmony Mobile. For more information, see Microsoft Intune online guide.

  2. Assign Microsoft Intune licenses for the Harmony Mobile users to enroll the devices in Microsoft Intune. For more information see Microsoft Intune online guide.

  3. Add the Harmony Mobile users to Microsoft Intune and create Administrator accounts. For more information see Microsoft Intune online guide.

  4. Enroll devices to Microsoft Intune. For more information see Microsoft Intune online guide.

  5. Create an Administrator account for integration between the Harmony Mobile and Microsoft Intune. See Creating Administrator Account for Integration with the Harmony Mobile.

  6. Configuring UEM to Deploy the Harmony Mobile Protect app.

Creating a User Group for Harmony Mobile

To deploy the Harmony Mobile policies, configurations, apps, and more in Microsoft Intune, you must create special Security Group(s) for the Harmony Mobile users and add these users to the Harmony Mobile Dashboard.

Creating Security Group for your Devices

  1. On your Microsoft Intune portal, go to Groups > All groups and click +New Group.

  2. On the New Group tab, enter this information:

    • Group type - Security

    • Group name - Harmony_Users

    • Membership type - Assigned

  3. Click Create.

For more information see the Microsoft Intune online guide.

Adding User Licenses to the Security Group

  1. On your Microsoft Intune Console, go to the group created in the previous step: Groups > All groups > Harmony_Users > Licenses and click +Assignments.

  2. In the Update License assignments view, under Select License, check the Enterprise Mobility + Security E5 check box, and under Review license options, select Enterprise Mobility + Security E5.

  3. See that all the licenses options are checked and click Save.

For more information see the Microsoft Intune online guide.

Adding Users to the Security Group

Note - Repeat these steps to add additional users.

  1. On your Microsoft Intune Console, go to All Users and click +New User.

  2. In the User window, select Create User and enter the following information:

    • Name - free text

    • User Name - an email address

    • First Name and Last Name - optional

  3. Under the Groups and roles section > Groups, select the Security group created in the previous steps.

  4. Click Select.

  5. Click Create.

For more information see the Microsoft Intune online guide.

Enrolling Devices to Microsoft Intune

To manage your devices and apps and their access to your company data you must enroll them in the Microsoft Intune service.

For more information see the Microsoft Intune online guide.

Creating Administrator Account for Integration with the Harmony Mobile

To create an Administrator Account for Harmony Mobile:

Set a new Administrator account:

  1. On the Microsoft Intune Console, go to All Users and click +New User.

  2. In the User window, enter this information:

    • Name - free text

    • User Name - an email address (for example, harmony_admin@checkpointtrial.onmicrosoft.com).

  3. Go to Groups and roles section, click Roles > User

  4. Select Global administrator on the right pane.

    Note - We recommend that you create a Global administrator role. This role is required to grant the required permissions for these apps, created on Azure through APIs, after the integration is set:

    • Harmony Mobile Enterprise App

    • Harmony Mobile – Android

    • Harmony Mobile – iOS

    After the permissions are granted, you may delete the Global administrator role.

    You can also complete the integration with Privileged Role Administrator. For more information, see the Microsoft Intune online guide.

  5. Click Select.

  6. Click Create.