Add Microsoft Intune and MicroVPN into Mobile Apps

Microsoft Intune is the leading MAM/EMM in the market today. Many companies are using, or are in the process of migrating from MDMs to MAM/EMM and to Microsoft Intune. In addition, organizations often require mobile apps and mobile app users to use secure network connectivity. MicroVPN allows a mobile app to securely connect to any standard SSL, VPN or Proxy enterprise gateway.

This Knowledge Base explains how you can use Appdome to achieve no-code integration of Microsoft Intune and MicroVPN in any mobile app in seconds. From there, you can manage any mobile App using Microsoft Intune and secured its network connection.

Thanks for reading and we hope you find this article helpful.

Adding Microsoft Intune and MicroVPN to Any Mobile App Fast

Mobile Apps need network connectivity to communicate with the outside world, including the servers and services needed for the App to function properly. Unfortunately, the public (not secured) networks pose the risk of data loss, data theft, identity theft, and more. Appdome MicroVPN is part of the Mobile Access categoryIt is a secure mobile access feature, unique to Appdome, which enables a mobile App to connect directly to any enterprise SSL, VPN or Proxy gateway in a flexible, efficient, and secure manner.  Note that it’s not truly a VPN (It doesn’t tunnel the connection through a remote server), instead, it’s a component in the application itself that takes care to ensure secure connection parameters.  MicroVPN is an industry-standard term.

Appdome’s MicroVPN does not require all web service endpoints to be published via a gateway or code change to apps to repoint to the newly published addresses of services. Appdome’s MicroVPN can use any SSL gateway, including Microsoft App Proxy, Netscaler and more in two main modes: Transparent Proxy mode which does not require resources to be publicly published, and Direct Connection mode which is intended for publicly resolvable resources. Modes can also be set on a per-resource basis, providing full granular control over the access and connectively model.

Appdome for Microsoft Intune SDK Integration is one of the premier solutions available on Appdome. Using Appdome to Build Microsoft Intune and MicroVPN to mobile Apps is simple and fast. Once Build is complete, you can deploy the Built App directly to Intune and install the Built App on mobile devices via Intune. All data created within the App will be encrypted and protected inside a container, preventing other applications from accessing the App’s data. Furthermore, When the Built App initiates an SSL Handshake with the server, using MicroVPN, outgoing traffic will be processed to ensure the connection to the server is secure.  Appdome allows you to enjoy all the features the Microsoft Intune SDK offers as well as the additional security of Appdome Mobility Suite and BoostEMMTMby Appdome.

Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement. The iOS (.ipa) or Android (.apk or .aab) App can be built in any development environment such as xCode for iOS and Android Studio, or non-native environments like Xamarin, Cordova, and React Native. Likewise, there is no requirement to pre-build any part of the Microsoft Intune functionality, use the Microsoft wrapper, or implement Microsoft Intune SDK capabilities into Android or iOS Apps prior to using Appdome. Appdome’s technology adds the full Microsoft Intune SDK, as well as standards, methods or protocols necessary, to mobile Apps automatically. After using Appdome, mobile Apps will leverage the Microsoft Intune SDK capabilities as if they were natively coded into the App.

Prerequisites for using Appdome for Microsoft Intune

  1. Appdome account – IDEAL or Higher
  2. Mobile App (.ipa for iOS, or .apk or .aab for Android)
  3. You have a configured and accessible instance of Microsoft Intune (to deploy your App).

How to Integrate Microsoft Intune and MicroVPN on Appdome

To Build your App with the Microsoft Intune SDK, follow these simple steps.  Note, the same workflow can be used for either an Android or iOS App.

From the “Build” tab, Add the Microsoft Intune SDK

  1. Select the Build tab.   Note: a blue underline will appear showing the step is active
  2. Select the Management category. Note: a blue highlight will appear showing the category is active.
  3. Toggle “ON”  EMM Services and Select the Microsoft Intune SDK

    Add Microsoft Intune and MicroVPN to any app using appdome - no coding

Steps to Integrate MicroVPN

  1. Click the Build tab
  2. Click the Appdome for Access category
  3. Enable MicroVPN

    Add Microsoft Intune and MicroVPN to any app using appdome - no coding

Configuring the MicroVPN Profile

For full information regarding the profile configuration please read Adding MicroVPN to Applications

MicroVPN profile configuration options:

  1. Inclusive Routing – If you want to route specific domains over MicroVPN you can specify the domains under Inclusive Routing.
    If you don’t enable Inclusive routing, all communication from the App is hardened. If you enable Inclusive Routing, communication to the domains you add will be hardened. All other traffic is permitted.

    1. Inclusion List – If you enable Inclusive routing, you can add server hosts and domains one line add a time. Wildcards are permitted.
  2. Transparent Proxy Mode – Enable internal DNS resolution as well as a many-to-one relay via the standard Transparent Proxy protocol (HTTP CONNECT)
    1. Proxy Host – If you enable Transparent Proxy Mode, you will need to specify the hostname of a proxy-relay.

    appdome inclusive routing - Microsoft Intune and MicroVPN

  3. Session Hardening – The most straightforward way of ensuring that connections between mobile Apps and corporate networks are secure is to restrict the parameters of the connection by verifying the server certificates and protocols.
    1. Strict Protocol Checking – When enabled, the Built App is prevented from connecting with un-secure servers.
      The Built App can connect only to Secure servers that use these algorithms: DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES256-SHA256, DHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA256.
    2. Server Validation – Actively verify server certificate and trust chain for all connections through the MicroVPN service.
  4. Static Client Pinning  – This pinning allows client-side certificates to be added to the Built App for connecting with servers that require them.
    1. Custom Certificate .pem File – Chose and Upload a client cert to use for authentication. The certificate file name must end in .pem.
    2. Custom Certificate .key File – Chose and Upload the key for the client certificate. The key file name must end in .key.
  5. Dynamic Client Pinning – Pin a dynamic unique personal client certificate to the Built App to authenticate client connections on the MicroVPN gateway.
    1. SCEP Server URL – Enter the URL of the Microsoft NDES server.

Build your App with Microsoft Intune and MicroVPN

Click “Build My App” to complete Appdome’s Microsoft Intune SDK and the new profiled MicroVPN integration to the App.

The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each App and match the App to the relevant code-sets needed to add Microsoft Intune and MicroVPN to the mobile App in seconds.

Congratulations! When your implementation is complete, you’ll see the notice below. You now have a mobile App fully integrated with Microsoft Intune and MicroVPN.  The App will be managed by Intune and have the ability to utilize a secure connection to backend corporate services.

After Building Your App with Microsoft Intune and MicroVPN

After you have added Microsoft Intune and MicroVPN to your app, there are a few additional steps needed to complete your mobile integration project.

Please view the article here on How to Complete My Mobile Integration Project After I Build My App.

Here’s an article on How to Automatically Distribute Built Apps to Your Intune Environment.

That is it – Enjoy your newly integrated mobile app!

How Do I Learn More?

For full information regarding the profile configuration please read here on Building Applications with MicroVPN 

To zoom out on this topic, deploying mobile Apps fused with the Microsoft Intune SDK, read the Appdome for Microsoft Intune datasheet on our website.

To ensure your App is properly deployed with Microsoft Intune, make sure to visit Deploying Mobile Apps Fused with the Microsoft Intune SDK.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Paul Levasseur

Have a question?

Ask an expert

PaulMaking your security project a success!