Integration with Microsoft Intune

Preparing UEM Platform for Integration

Prerequisites

Harmony Mobile service integrates with Microsoft Intune through Azure Portal.

To enable integration:

  1. Configure Microsoft Intune for UEMClosed Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point. Authority. For more information, see Android device enrollment guide for Microsoft Intune | Microsoft Learn.

  2. Configure Microsoft Intune with an Apple Push Certificate (APNS). For more information, see iOS/iPadOS device enrollment guide for Microsoft Intune | Microsoft Learn.

  3. Valid Microsoft license that allows the integration with Harmony Mobile. The following components should be included in the Microsoft license:

    • Conditional Access

    • Microsoft Intune plan1

    • Microsoft Entra ID P1

    Check Point recommends Enterprise Security (EMS) E3 or E5 license.

Microsoft Intune Console view:

Best Practice - For integration with the Check Point Harmony Mobile, use Security groups to set up the same UEM hierarchy as in your organization's internal hierarchy, or set up groups based on Microsoft Intune features and content.

High-Level Workflow

00:00: Microsoft Intune is a cloud-based service for mobile device management. This is a three-part video series that shows how to apply Mobile Application Management Policy from Microsoft Intune to iOS devices in your organization. This policy forces users to download the Harmony Mobile Protect App if they want to use other apps for example, Microsoft Teams. The first part of the video shows how to create a security group, a user and add an iOS device in the Microsoft Intune Admin Center. 00:33: Access the Microsoft Intune admin center. Go to Groups and New group. 00:38: Enter the group details as shown and click Create. 00:42: In the Groups page, locate and click the Security Group you just created. 00:47: To assign user licenses to the Security Group, navigate to Licenses and then Assignments. 00:53: Select the Enterprise Mobility + Security E5 license. Make sure that all the licenses options are selected under Review license options as shown and click Save. 01:03: To create a new user, go to Users and then click New User and then select Create new user. 01:10: In the Basics tab, enter the user details and click Next. 01:14: Skip the Properties tab and click Next. 01:17: In the Assignments tab, click Add group, select your Security Group and click Select. 01:23: Click Review + create 01:26: Review the user details and click Create 01:29: Now, to associate the iOS device with this user, install the Microsoft Authenticator App on the user's mobile device with the user credentials that you just created. 01:40: After you install the Microsoft Authenticator app on the device, in the Microsoft InTune Admin center, go to Devices and iOS iPadOS devices and make sure the device you just enrolled is listed. Note that it could take a while to list the device. If the device is not listed, enable Microsoft Teams Exploratory license for your group. For more information, see step 5 in this video. Now, install the Microsoft Teams app on the device with the user credentials and repeat this step. 02:14: This concludes the first part of this video series. Continue with the second part, configuring Mobile Application Management policy on Microsoft Intune Admin Center. Thank you for watching the video.

  1. Create Security Group(s) for the Harmony Mobile users to organize users and devices and connect them to Harmony Mobile. See Creating a User Group for Harmony Mobile. For more information, see Microsoft Intune online guide.

  2. Assign Microsoft Intune licenses for the Harmony Mobile users to enroll the devices in Microsoft Intune. For more information see Microsoft Intune online guide.

  3. Add the Harmony Mobile users to Microsoft Intune and create Administrator accounts. For more information see Microsoft Intune online guide.

  4. Enroll devices to Microsoft Intune. For more information see Microsoft Intune online guide.

  5. Create an Administrator account for integration between the Harmony Mobile and Microsoft Intune. See Creating Administrator Account for Integration with the Harmony Mobile.

  6. Configuring UEM to Deploy the Harmony Mobile Protect App.

Creating a User Group for Harmony Mobile

To deploy the Harmony Mobile policies, configurations, apps, and more in Microsoft Intune, you must create special Security Group(s) for the Harmony Mobile users and add these users to the Harmony Mobile Dashboard.

Creating Security Group for your Devices

  1. On your Microsoft Intune Admin Center, go to Groups > All groups and click New Group.

  2. On the New Group tab, enter these:

    • Group type - Security

    • Group name - Harmony_Users

    • Membership type - Assigned

  3. Click Create.

For more information see the Microsoft Intune online guide.

Adding User Licenses to the Security Group

  1. On your Microsoft Intune Admin Center, go to the group created in the previous step: Groups > All groups > Harmony_Users > Licenses and click +Assignments.

  2. In the Update License assignments view, under Select License, select a license, i.e. Enterprise Mobility + Security E5, and under Review license options, select Enterprise Mobility + Security E5.

  3. See that all the licenses options are checked and click Save.

For more information see the Microsoft Intune online guide.

Adding Users to the Security Group

Note - Repeat these steps to add additional users.

  1. On your Microsoft Intune Admin Center, go to UsersAll users. Click + New User > Create new user.

  2. In the Create new user window, enter these:

    1. User principal name - An email address (for example, harmony_user@checkpointtrial.onmicrosoft.com)

    2. Display name - Name to display.

    3. Password - Password for the user.

  3. (Optional) Enter the details in the Properties tab.

  4. In the Assignments tab, click + Add group and select the Security group created in the previous steps.

  5. Click Select.

  6. Click Review + Create.

  7. Click Create.

For more information see the Microsoft Intune online guide.

Enrolling Devices to Microsoft Intune

To manage your devices and apps and their access to your company data you must enroll them in the Microsoft Intune service.

For more information see the Microsoft Intune online guide.

Creating Administrator Account for Integration with the Harmony Mobile

To create an Administrator Account for Harmony Mobile:

  1. On your Microsoft Intune Admin Center, go to UsersAll users. Click + New User > Create new user.

  2. In the Create new user window, enter these:

    1. User principal name - An email address (for example, harmony_admin@checkpointtrial.onmicrosoft.com)

    2. Display name - Name to display.

    3. Password - Password for the administrator user.

  3. In the Assignments tab, click + Add role and select Global Administrator on the right pane.

    Note - We recommend that you create a Global administrator role. This role is required to grant the required permissions for these apps, created on Azure through APIs, after the integration is set:

    • Harmony Mobile Enterprise App

    • Harmony Mobile – Android

    • Harmony Mobile – iOS

    After the permissions are granted, you may delete the Global administrator role.

    You can also complete the integration with Privileged Role Administrator. For more information, see the Microsoft Intune online guide.

  4. Click Select.

  5. Click Review + Create.

  6. Click Create.