Integration with Microsoft Intune

Preparing UEM Platform for Integration

Prerequisites

The Harmony Mobile service integrates with Microsoft Intune through the Azure Portal.

To enable integration:

  1. Configure Microsoft Intune for UEM (Unified Endpoint Management) Authority. For more information, see Android device enrollment guide for Microsoft Intune | Microsoft Learn.

  2. Configure Microsoft Intune with an Apple Push Certificate (APNS). For more information, see iOS/iPadOS device enrollment guide for Microsoft Intune | Microsoft Learn.

  3. Make sure you have a valid Microsoft license that allows the integration with Harmony Mobile. The following components should be included in the Microsoft license:

    • Conditional Access

    • Microsoft Intune Plan 1

    • Microsoft Entra ID P1

    Check Point recommends Enterprise Security (EMS) E3 or E5 license.

Best Practice - For integration with Check Point Harmony Mobile, use Security groups to set up the same UEM hierarchy as in your organization's internal hierarchy, or set up groups based on Microsoft Intune features and content.

High-Level Workflow

00:00: Microsoft Intune is a cloud-based service for mobile device management. This video shows how to create a security group, a user and enroll an iOS device in the Microsoft Intune Admin Center.

00:13: Access the Microsoft Intune admin center. Go to Groups, All Groups and click New group.

00:18: Enter the group details as shown and click Create.

00:21: In the Groups page, locate and click the Security Group you just created.

00:26: To assign user licenses to the Security Group, navigate to Licenses. Go to Licenses section in Microsoft 365 Admin Center. See the link on the top-right corner.

00:37: Select the Enterprise Mobility + Security E5 license.

00:42: Go to the Groups tab and click Assign licenses. On the right panel, select the security group you created and click Assign licenses.

00:50: To create a new user in the Intune Admin center, go to Users and then click New User and then select Create new user.

00:57: In the Basics tab, enter the user details and click Next.

01:01: Skip the Properties tab and click Next.

01:04: In the Assignments tab, click Add group and select your Security group. Click Select.

01:09: Click Review + Create and then click Create.

01:13: Now, create a user with Global Administrator role to grant permissions during the integration in the Harmony Mobile Administrator Portal.

01:21: Follow steps 7 to 11 to create a new user. In the Assignments tab, click Add role and select Global Administrator under Directory roles and click Select.

01:32: Click Review + create.

01:35: Review the user details and click Create.

01:38: Now, to enroll the iOS device for this user, install the Microsoft Authenticator App on the user's mobile device with the user credentials that you just created.

01:49: After you install the Microsoft Authenticator app on the device, in the Microsoft Intune Admin Center, go to Devices, and iOS/iPadOS devices, and make sure the device you enrolled is listed.

02:03: Note that it could take a while to list the device. If the device is not listed, enable Microsoft Teams Exploratory license for your group. For more information, see steps 4 and 5 in this video. Now install the Microsoft Teams app on the device with the user credentials and repeat this step.

02:24: Thank you for watching the video.

  1. Create Security Group(s) for the Harmony Mobile users to organize users and devices and connect them to Harmony Mobile. See Creating a User Group for Harmony Mobile.

  2. Assign Microsoft Intune licenses for the Harmony Mobile users to enroll the devices in Microsoft Intune. See Adding User Licenses to the Security Group.

  3. Add the Harmony Mobile users to Microsoft Intune. See Adding Users to the Security Group.

  4. Enroll devices to Microsoft Intune. See Enrolling Devices to Microsoft Intune.

  5. Create an Administrator account for integration between the Harmony Mobile and Microsoft Intune. See Creating Administrator Account for Integration with the Harmony Mobile.

  6. Configure UEM to deploy the Harmony Mobile Protect app. See Configuring UEM to Deploy the Harmony Mobile Protect App.

Creating a User Group for Harmony Mobile

To deploy the Harmony Mobile policies, configurations, apps, and more in Microsoft Intune, you must create special Security Group(s) for the Harmony Mobile users and add these users to the Harmony Mobile Dashboard.

Creating Security Group for your Devices

  1. In the Microsoft Intune Admin Center, go to Groups > All groups and click New Group.

  2. In the New Group window, enter these:

    • Select Group type as Security.

    • In the Group name field, enter a name for the group. For example, Harmony_Users.

    • Select Membership type as Assigned.

  3. Click Create.

For more information, see the Microsoft Intune online guide.

Adding User Licenses to the Security Group

  1. In the Microsoft Intune Admin Center, go to the group created in the previous step:

    Groups > All groups > Harmony_Users.

  2. Click Licenses.

  3. Go to Licenses section in Microsoft 365 Admin Center.

  4. Select the Enterprise Mobility + Security E5 license.

  5. Go to the Groups tab and click Assign licenses.

  6. On the right panel, select the security group you created and click Assign licenses.

Adding Users to the Security Group

  1. In the Microsoft Intune Admin Center, go to Users > All users. Click + New User > Create new user.

  2. In the Create new user window, enter these:

    1. User principal name - An email address (for example, harmony_user@checkpointtrial.onmicrosoft.com)

    2. Display name - Name to display.

    3. Password - Password for the user.

  3. Go to the Assignments tab and click + Add group.

  4. Select the security group you created.

  5. Click Review + Create.

  6. Click Create.

Note - Repeat these steps to add additional users.

For more information, see the Microsoft Intune online guide.

Enrolling Devices to Microsoft Intune

To manage your devices and apps and their access to your company data, you must enroll them in the Microsoft Intune service.

For more information, see the Microsoft Intune online guide.

Creating Administrator Account for Integration with the Harmony Mobile

To create an Administrator Account for Harmony Mobile:

  1. In the Microsoft Intune Admin Center, go to Users > All users.

  2. Click + New User > Create new user.

  3. In the Create new user window, enter these:

    1. User principal name - An email address (for example, harmony_admin@checkpointtrial.onmicrosoft.com)

    2. Display name - Name to display.

    3. Password - Password for the administrator user.

  4. Go to the Assignments tab and click + Add role.

  5. Select Global Administrator role in the right pane.

    Note - We recommend that you assign the Global Administrator role to this account. This role is required to grant the required permissions for these apps, created on Azure through APIs, after the integration is set:

    • Harmony Mobile Enterprise App

    • Harmony Mobile – Android

    • Harmony Mobile – iOS

    After the permissions are granted, you may remove the Global Administrator role from this account.

    You can also complete the integration with the Privileged Role Administrator role. For more information, see the Microsoft Intune online guide.

  6. Click Review + Create.

  7. Click Create.
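
A check for the note in step 5, as an added example that is not part of the Check Point guide: after the permissions are granted, confirm that the integration account no longer holds Global Administrator or Privileged Role Administrator. It assumes the tenant's role assignments were exported from Microsoft Graph as JSON; the sample data, the `it_admin` account and the function name are constructed for illustration.

```python
import json

# Built-in Microsoft Entra role template IDs (identical in every tenant).
GA = "62e90394-69f5-4237-9190-012177145e10"
PRIVILEGED_ROLES = {
    GA: "Global Administrator",
    "e8611ab8-c189-46e8-94e1-60213ab1f814": "Privileged Role Administrator",
}

# Constructed sample shaped like the Microsoft Graph response to
# GET /roleManagement/directory/roleAssignments?$expand=principal
SAMPLE_EXPORT = json.dumps({"value": [
    {"roleDefinitionId": GA, "directoryScopeId": "/",
     "principal": {"userPrincipalName":
                   "harmony_admin@checkpointtrial.onmicrosoft.com"}},
    {"roleDefinitionId": GA, "directoryScopeId": "/",
     "principal": {"userPrincipalName":
                   "it_admin@checkpointtrial.onmicrosoft.com"}},  # constructed
    # Service principals carry no userPrincipalName.
    {"roleDefinitionId": "00000000-0000-0000-0000-000000000000",  # placeholder
     "directoryScopeId": "/",
     "principal": {"displayName": "Constructed Service Principal"}},
]})


def lingering_privileges(export_json, integration_upns):
    """Map each integration account to the privileged roles it still holds."""
    wanted = {upn.lower() for upn in integration_upns}
    findings = {}
    for assignment in json.loads(export_json).get("value", []):
        role_id = (assignment.get("roleDefinitionId") or "").lower()
        role = PRIVILEGED_ROLES.get(role_id)
        principal = assignment.get("principal") or {}
        upn = (principal.get("userPrincipalName") or "").lower()
        # UPNs are compared case-insensitively; other admins are ignored.
        if role and upn in wanted:
            findings.setdefault(upn, set()).add(role)
    return {upn: sorted(roles) for upn, roles in findings.items()}


if __name__ == "__main__":
    accounts = ["harmony_admin@checkpointtrial.onmicrosoft.com"]
    for upn, roles in lingering_privileges(SAMPLE_EXPORT, accounts).items():
        print(f"{upn} still holds: {', '.join(roles)}")
```

An empty result for the integration account means the role has been removed; any entry is a standing tenant-wide privilege that the integration no longer needs.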