GlobalProtect
Create an App Configuration on Android Endpoints Using Microsoft Intune
Create a configuration policy on Microsoft Intune.
You can create an app configuration in Microsoft Intune to allow administrators to
customize and manage GlobalProtect app settings for Android devices without
requiring users to manually configure the GlobalProtect app themselves. This policy
enables IT admins to specify configuration settings that can control app behavior,
enable specific features, and enhance security across managed devices.
For a demonstration of how to create a configuration policy for your Android
device on Intune, watch this video.
- On the Apps page, click Policy > App configuration policies and then click Create > Managed Devices.
- Enter a name and description for the policy and select the platform (Android Enterprise) and profile type.
- Click Select app next to Targeted app, select GlobalProtect, and click OK.
- Click Next.
- In Configuration settings format, select Use configuration designer and add the required keys.

| Key | Value Type | Description | Example |
| --- | --- | --- | --- |
| portal (Required attribute for all configurations) | String | IP address or fully qualified domain name (FQDN) of the portal. | 10.1.8.190 |
| app_list (Required attribute for per-app configurations) | String | Configuration for Per-App VPN. Begin the string with either the allowlist keyword or blocklist keyword followed by a colon, and follow it with an array of app names separated by semicolons. Add a semicolon at the end of the list too. The allow list specifies the apps that will use the GlobalProtect app for network communication. The network traffic for any other app that is not in the allow list or expressly listed in the block list will not go through the VPN tunnel. | allowlist \| blocklist: com.google.calendar; com.android.email; com.android.chrome. Default value: none. |
| connect_method | String | Choose user-logon for the always-on connect method. This automatically connects GlobalProtect with your credentials. On Android devices, GlobalProtect does not automatically connect when you open applications configured with an allowlist or blocklist. Hence, we recommend setting the always-on connect method for per-app configurations. Choose on-demand to ensure that users manually connect GlobalProtect through the application. | user-logon \| on-demand. Default value: blank, in which case the connect method specified on the portal configuration is used. |
| username | String | Username for the user. | john |
| password | String | Password for the user. | Password!1234 |
| managed | Boolean | Indicates whether the device is managed by an MDM. | true \| false. Default value: false |
| mobile_id | String | The mobile ID is used as the host ID. | 5188a8193be43f42d332dde5cb2c941e |
| use_default_browser_for_saml | Boolean | Choose true to use the default browser for SAML authentication. Choose false to use the embedded browser for SAML authentication. | true \| false. Default value: false |
| compliance | String | Indicates whether the device is compliant with compliance policies. This parameter is included in the HIP report and can be used to create security policies. | yes \| no |
| tag | String | Tag to identify a device. This parameter is included in the HIP report and can be used to create security policies. You can specify any value for this parameter. | HR_Department |
| ownership | String | Indicates whether the device is corporate owned or personal. This parameter is included in the HIP report and can be used to create security policies. You can specify any value for this parameter. | corp-owned |

- Click Next.
- Assign the policy to the appropriate users or groups. To deploy the policy broadly to all applicable devices, select Add all users or Add all devices.
- Click Next.
- Review your settings and click Create.

Proxy Auto Configuration (PAC) Deployment from GlobalProtect on Android Endpoints

Starting from GlobalProtect Android app version 6.1.7, you can configure and deploy proxy auto-configuration (PAC) file URLs on Android endpoints using mobile device management (MDM) platforms. By pushing these configurations through MDM, the proxy settings are uniformly applied across all Android endpoints, ensuring seamless deployment and consistent security measures.

You can add the PAC file URL using the following values while creating an app configuration policy rule on Android endpoints using MDM platforms.

- Key: proxy-url
- Value Type: <String>, for example, http://pac./proxy.pac, https://pac./proxy.pac

This feature extends the existing desktop capability of GlobalProtect to configure third-party proxies through proxy auto-configuration (PAC) file URLs to the Android mobile platform as well, and it eliminates the need for other third-party tools for PAC file URL deployment.

The supported PAC file URL method includes the Proxy Auto-configuration (PAC) standard, and the feature is supported on Android version 11 and later.
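
The rules stated for the keys above (required portal, app_list syntax with a trailing semicolon, connect_method values, Boolean types, the always-on recommendation for per-app VPN) can be checked before the values are typed into the configuration designer. This is an added example, not Palo Alto Networks or Microsoft code; `parse_app_list`, `check_config`, the sample policy and the two warnings about `password` and `http://` PAC URLs are assumptions of this example.

```python
import re

# Allowed values and syntax come from the key table above.
CONNECT_METHODS = {"user-logon", "on-demand"}
BOOL_KEYS = ("managed", "use_default_browser_for_saml")
# keyword, colon, then package names each terminated by a semicolon
APP_LIST_RE = re.compile(r"^(allowlist|blocklist):(\s*[A-Za-z0-9_.]+\s*;)+\s*$")

def parse_app_list(value):
    """Return (mode, [packages]); raise ValueError on bad syntax."""
    if not APP_LIST_RE.match(value):
        raise ValueError("app_list must be 'allowlist:' or 'blocklist:' "
                         "followed by package names, each ending in ';'")
    mode, _, rest = value.partition(":")
    return mode, [p.strip() for p in rest.split(";") if p.strip()]

def check_config(cfg):
    """Return (severity, message) findings for one set of keys."""
    out = []
    if not str(cfg.get("portal", "")).strip():
        out.append(("error", "portal is required for all configurations"))
    method = cfg.get("connect_method")
    if method is not None and method not in CONNECT_METHODS:
        out.append(("error", f"connect_method {method!r} is not valid"))
    if "app_list" in cfg:
        try:
            parse_app_list(str(cfg["app_list"]))
        except ValueError as exc:
            out.append(("error", str(exc)))
        if method != "user-logon":  # page: no auto-connect for per-app VPN
            out.append(("warn", "per-app VPN without connect_method=user-logon"))
    for key in BOOL_KEYS:
        if key in cfg and not isinstance(cfg[key], bool):
            out.append(("error", f"{key} must be a Boolean"))
    if cfg.get("compliance") not in (None, "yes", "no"):
        out.append(("error", "compliance must be 'yes' or 'no'"))
    # Added review checks (this example's assumptions, not from the page):
    if cfg.get("password"):
        out.append(("warn", "password is readable by anyone who can view the policy"))
    if str(cfg.get("proxy-url", "")).lower().startswith("http://"):
        out.append(("warn", "proxy-url is http: PAC file is fetched without TLS"))
    return out

# Constructed sample policy; values reuse the page's examples.
SAMPLE = {"portal": "10.1.8.190", "connect_method": "on-demand",
          "app_list": "allowlist:com.android.email;com.android.chrome",
          "managed": "true", "password": "Password!1234"}
for severity, message in check_config(SAMPLE):
    print(f"{severity}: {message}")
```

The sample is flagged for the missing trailing semicolon in app_list, the on-demand connect method combined with per-app VPN, the Boolean entered as a string, and the embedded password.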