For Android Enterprise
Setup Active Shield Android for Enterprise (Android for Work) using Microsoft Intune.
To setup ActiveShield on Android Enterprise (formerly known as Android for Work), you need to set up some app configuration policies in the Microsoft Intune. Setting up the configurations will automatically enroll the target devices into your BETTER MTD tenant.
Deprecated!
This process is no longer relevant as the configuration is automatically performed upon integration.
A one-touch configuration feature is pending. Once complete, BETTER MTD will setup the appropriate app configurations in Microsoft Intune for the Android Enterprise (Android for Work) environment upon completion of the integration process.
- A Microsoft Intune subscription.
- An Android device managed by Microsoft Intune.
Go to
Client Apps > Apps.
Click on
Add and set App type to Managed Google Play.
Click on
Approve and search for Active Shield Enterprise. 
Click on
Active Shield Enterprise.
Click
Approve > Approve > Save. 
Click
OK then Sync.
Go to
Client apps > Apps, then search for Active Shield Enterprise.
Click on
Active Shield Enterprise.
Click
Assignments.
Click
Add group.
Set
Assignment type to Required then click Included Groups.
Click
Select group to include and select the groups you want to include. Later, we will also assign the group the appropriate app configurations.
Click
Select > OK > OK then hit Save.
Go to
Client Apps > App configuration policies.
Click on
Add and fill out the Name and Description fields. 
Set
Device enrollment type to Managed devices and set Platform to Android.
Click on
Associated app.
Select
Active Shield Enterprise and click OK.
Click on
Configuration settings.
Select one of the
Configuration settings format.Use configuration designer
Enter JSON data
Set
Configuration settings format to Use configuration designer.
Click
Add.
Select all the Configuration keys and click
OK.
Set the fields as follows.
CONFIGURATION KEY | VALUE TYPE | CONFIGURATION VALUE |
Device ID | string | {{AzureADDeviceId}} |
User | string | {{userprincipalname}} |
App Server Address | string | https://yourtenant.bettermtd.com |
Set the
App Server Address to the BETTER MTD tenant URL. For example, if your BETTER MTD Console can be located at mycorp-new.bettermtd.com, set the App Server Address to https://mycorp.bettermtd.com(Note: remove the -new suffix and make sure to include https protocol)
Click
Ok and Save.
Set
Configuration settings format to Enter JSON data.
Copy-paste the following JSON into the text area.
Active Shield Android Enterprise Configuration JSON
{
"kind": "androidenterprise#managedConfiguration",
"productId": "app:com.better.active.shield.enterprise",
"managedProperty": [
{
"key": "better_udid",
"valueString": "{{AzureADDeviceId}}"
},
{
"key": "better_user",
"valueString": "{{userprincipalname}}"
},
{
"key": "better_server_url",
"valueString": "https://yourtenant.bettermtd.com"
}
]
}
To assign the app configuration to your target group(s), click
Assignments.
Click
Select groups to include and select the groups you want to include. The group should also have the Managed Google Play Active Shield app assigned to it.
Click
Select then Save.
Select
Permisssions.
Click
Add. and select Location access (fine) & Location access (coarse).
Click
OK and set the permissions state to either Auto-grant or Auto deny as per your use-case.
Click
OK and you're done configuring up the permissions.
Last modified 1yr ago