Create an App Configuration on Android Endpoints Using Microsoft Intune

Create an App Configuration on Android Endpoints Using Microsoft Intune

1. On the Apps page, click PolicyApp configuration policies and then click CreateManaged Devices.
2. Enter a name and description for the policy and select the platform (Android Enterprise) and profile type.
3. Click Select app next to Targeted app, select GlobalProtect, and click OK.

   
4. Click Next.
5. In Configuration settings format, select Use configuration designer and add the required keys.

   

   Key	Value Type	Description	Example
   portal Required attribute for all configurations	String	IP address or fully qualified domain name (FQDN) of the portal.	10.1.8.190
   app_list Required attribute for per-app configurations	String	Configuration for Per-App VPN. Begin the string with either the allowlist keyword or blocklist keyword followed by a colon, and follow it with an array of app names separated by semicolons. Add a semicolon at the end of the list too. The allow list specifies the apps that will use the GlobalProtect app for network communication. The network traffic for any other app that is not in the allow list or expressly listed in the block list will not go through the VPN tunnel.	allowlist | blocklist: com.google.calendar; com.android.email; com.android.chrome Default value: none.
   connect_method	String	Choose user-logon for always-on connect method. This automatically connects GlobalProtect with your credentials. On Android devices, GlobalProtect does not automatically connect when you open applications configured with an allowlist or blockist. Hence, we recommend setting the always on connect method for per-app configurations. Choose on-demand to ensure that users manually connect GlobalProtect through the application.	user-logon | on-demand Default value: blank, in which case the connect method specified on the portal configuration is used.
   username	String	Username for the user.	john
   password	String	Password for the user.	Password!1234
   managed	Boolean	Indicates whether the device is managed by an MDM.	true | false Default value: false
   mobile_id	String	The mobile ID is used as the host ID.	5188a8193be43f42d332dde5cb2c941e
   use_default_browser_for_saml	Boolean	Choose true to use the default browser for SAML authentication. Choose false to use the embedded browser for SAML authentication.	true | false Default value: false
   compliance	String	Indicates whether the device is compliant with compliance policies. This parameter is included in the HIP report and can be used to create security policies.	yes | no
   tag	String	Tag to identify a device. This parameter is included in the HIP report and can be used to create security policies. You can specify any value for this parameter.	HR_Department
   ownership	String	Indicates whether the device is corporate owned or personal. This parameter is included in the HIP report and can be used to create security policies. You can specify any value for this parameter.	corp-owned
6. Click Next.
7. Assign the policy to the appropriate users or groups. To deploy the policy broadly to all applicable devices, select Add all users or Add all devices.
8. Click Next.
9. Review your settings and click Create.