In "Level Up Your Security Using Intune," Udaiappa Ramachandran, an expert in cloud technologies, presents a detailed guide on using Microsoft Intune for enhancing mobile application and device security. The presentation covers two main integration strategies: the Intune SDK, which provides fine-grained control, customization, and long-term maintainability, and the Intune App Wrapper, suitable for legacy apps and rapid prototyping with some feature limitations. Udaiappa's talk, aimed at modern developers, emphasizes the importance of robust mobile security and showcases Intune's capabilities in managing both corporate-owned devices and BYOD scenarios, underlining its critical role in contemporary digital security management.
1. Level up your security using Intune
Udaiappa Ramachandran ( Udai )
https://udai.io
2. Boston Code Camp 36 - Thanks to our Sponsors!
3. About me
• Udaiappa Ramachandran ( Udai )
• CTO/CSO-Akumina, Inc.
• Microsoft Azure MVP
• Cloud Expert
• Microsoft Azure, Amazon Web Services, and Google
• New Hampshire Cloud User Group (http://www.meetup.com/nashuaug )
• https://udai.io
7. Intune SDK Integration
• Fine-grained Control
• Better user experience
• Support for complex features
• Policy Customization
• Wider Feature compatibility
• Long term maintainability
8. Intune AppWrapping Tool
• Legacy Apps without source code access
• Rapid prototyping
• Simple apps that need minimal data protection
• Missing features:
• App configuration policies
• Offline Access control
• Conditional Access Integration
• Advanced Data protection controls
• Selective wipes
11. Wrapping APK file
• Reference link - https://learn.microsoft.com/en-us/mem/intune/developer/app-wrapper-prepare-android
• Download link - https://github.com/msintuneappsdk/intune-app-wrapping-tool-android
• Install InstallAWT.exe on a Windows machine, then open PowerShell with Run as administrator and locate the App Wrapping Tool at C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool
• Run Import-Module .\IntuneAppWrappingTool.psm1 in PowerShell
• Run Invoke-AppWrappingTool -InputPath input.apk -OutputPath output-wrapper.apk -Verbose
• Copy the output file from the step above (output-wrapper.apk) and sign it
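The steps above as one script, with checks added around the wrap and sign stages. This is an added example, not taken from the slides; the parameter names, the output file layout and the use of the Android SDK's zipalign and apksigner for the signing step are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: wrap, align, sign and verify an Android APK.
# All parameter values are supplied by the caller; none come from the slides.
param(
    [Parameter(Mandatory)] [string] $InputApk,    # APK to wrap
    [Parameter(Mandatory)] [string] $Keystore,    # signing keystore (.jks), assumed
    [Parameter(Mandatory)] [string] $BuildTools,  # Android SDK build-tools folder, assumed
    [Parameter(Mandatory)] [string] $OutDir       # folder for the generated artifacts
)
$ErrorActionPreference = 'Stop'
$toolDir = 'C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool'
$wrapped = Join-Path $OutDir 'output-wrapper.apk'
$aligned = Join-Path $OutDir 'output-aligned.apk'
$signed  = Join-Path $OutDir 'output-signed.apk'

# Remove stale artifacts so a failed run can never ship a file from an earlier run.
Remove-Item $wrapped, $aligned, $signed -Force -ErrorAction SilentlyContinue

# Record the hash of what went in, for the release log.
$inHash = (Get-FileHash -Path $InputApk -Algorithm SHA256).Hash
Write-Host "Input APK SHA-256:  $inHash"

# Steps from the slide: import the module and wrap the APK.
Import-Module (Join-Path $toolDir 'IntuneAppWrappingTool.psm1')
Invoke-AppWrappingTool -InputPath $InputApk -OutputPath $wrapped -Verbose
if (-not (Test-Path $wrapped)) { throw 'Wrapping produced no output file.' }

# The wrapped APK has to be signed before it can be installed: align first, then sign.
& (Join-Path $BuildTools 'zipalign.exe') -f -v 4 $wrapped $aligned
if ($LASTEXITCODE -ne 0) { throw 'zipalign failed.' }

# apksigner prompts for the keystore password, so it is never stored in the script.
& (Join-Path $BuildTools 'apksigner.bat') sign --ks $Keystore --out $signed $aligned
if ($LASTEXITCODE -ne 0) { throw 'apksigner sign failed.' }

# Verify the signature and print the signer certificate. For an update, compare it
# with the certificate of the release already deployed: Android rejects an upgrade
# signed with a different certificate.
& (Join-Path $BuildTools 'apksigner.bat') verify --verbose --print-certs $signed
if ($LASTEXITCODE -ne 0) { throw 'Signature verification failed; do not upload.' }

# Hash of the artifact that is uploaded to Intune.
$outHash = (Get-FileHash -Path $signed -Algorithm SHA256).Hash
Write-Host "Signed APK SHA-256: $outHash"
```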
12. Wrapping IPA file
• Reference link - https://learn.microsoft.com/en-us/mem/intune/developer/app-wrapper-prepare-ios
• Download link - https://github.com/msintuneappsdk/intune-app-wrapping-tool-ios
• Install Microsoft Intune Application Restrictions Packager for iOS.dmg on a Mac and locate the App Wrapping Tool at the path below
• Run /Volumes/IntuneMAMAppPackager/IntuneMAMPackager/Contents/MacOS/IntuneMAMPackager -i input.ipa -o output-wrapper.ipa -p provisioning-profile.mobileprovision -c SHA-256 -v true
• Copy the output file from the previous step (output-wrapper.ipa) as the release file.
Finer-grained Control: Integrating the SDK directly into your app's code gives you more precise control over how Intune app protection policies (APP) are applied. You can selectively choose which data and functions fall under the protection policies.
Better User Experience: SDK integration allows for smoother integration of APP features. This can lead to things like a more seamless single sign-on (SSO) experience across managed applications and more intuitive data protection behavior within the app itself.
Support for Complex Features: Certain advanced APP features, such as restricting cut/copy/paste between managed and unmanaged apps, often require SDK integration for proper implementation.
Customization: You can tailor policy enforcement to match your app's specific workflows and requirements. This flexibility is key for scenarios where a one-size-fits-all approach from the wrapping tool is insufficient.
Wider Feature Compatibility: The SDK typically supports a broader range of Intune APP features compared to the App Wrapping Tool, giving you more tools for securing your app.
Long-term Maintainability: Since SDK integration involves changes to your core codebase, it's inherently aligned with your app development lifecycle. This ensures compatibility as you continue to update and improve your app over time.
Legacy Apps without Source Code Access: If you need to manage an app where you don't have the source code, the wrapper provides a way to add basic policy enforcement.
Rapid Prototyping: The wrapping tool can be faster for quickly testing policy enforcement on an existing app.
Very Simple Apps: For apps with minimal data protection needs, the wrapper might be sufficient and simpler to use.
Selective Wipe: The ability to remove only corporate data from an app on a user's device while leaving personal data intact. The wrapper usually provides only full app wipe functionality.
Advanced Data Protection Controls:
• Fine-grained restrictions on actions like cut, copy, paste, and "save as" between managed and unmanaged apps.
• Preventing screen capture within managed apps.
Conditional Access Integration: Using specific app behaviors or data to determine whether the device complies with conditional access policies for access to corporate resources.
Customization of Policy Enforcement: Tailoring the way policies are applied to specific app usage scenarios or workflows.
Offline Access Control: Enforcing policies even when the device is offline, such as enforcing encryption or restricting data access.
Integration with App Configuration Policies: The ability to deliver settings and configurations directly within your app using Intune App Configuration Policies.