Configure the GlobalProtect App on Android Endpoints Using Microsoft Intune
Configure Microsoft Intune for Android
Where Can I Use This?
What Do I Need?
NGFW (managed by Panorama or Strata Cloud Manager)
Prisma Access (managed by Panorama or Strata Cloud
Manager)
GlobalProtect Gateway license or Prisma Access license with
the Mobile User subscription
GlobalProtect deployed with Microsoft Intune supports the following
configurations:
Always On
In an Always On configuration, GlobalProtect automatically
connects as soon as the you log in. For devices configured with this
connect method, you can enable lockdown mode, which enforces
GlobalProtect to be connected for network access
On-Demand
In an on-demand configuration, you must manually connect
GlobalProtect through the application. Traffic is routed through the
GlobalProtect app only after you initiate and establish the
connection.
Per-App
In a per-app configuration, you can specify the managed apps that
can route traffic through GlobalProtect when connected. If using an
allowlist, only the specified apps will be routed through GlobalProtect.
If using a blocklist, all traffic will be routed through GlobalProtect
except for the specified apps.
On Android devices, GlobalProtect
does not automatically connect when you open applications configured
with an allowlist or blockist. Hence, we recommend setting the always on
connect method for per-app configurations.
GlobalProtect works both with Android devices with a work profile and fully-managed
Android devices.
