For Android Enterprise

Setup Active Shield Android for Enterprise (Android for Work) using Microsoft Intune.

To setup ActiveShield on Android Enterprise (formerly known as Android for Work), you need to set up some app configuration policies in the Microsoft Intune. Setting up the configurations will automatically enroll the target devices into your BETTER MTD tenant.

A one-touch configuration feature is pending. Once complete, BETTER MTD will setup the appropriate app configurations in Microsoft Intune for the Android Enterprise (Android for Work) environment upon completion of the integration process.

Requirements

  • A Microsoft Intune subscription.

  • An Android device managed by Microsoft Intune.

Approve the Managed Google Play Active Shield app

Open a browser and sign in to Microsoft Intune.

Go to Client Apps > Apps.

Click on Add and set App type to Managed Google Play.

Click on Approve and search for Active Shield Enterprise.

Click on Active Shield Enterprise.

Click Approve > Approve > Save.

Click OK then Sync.

Assign the Managed Google Play Active Shield app

Go to Client apps > Apps, then search for Active Shield Enterprise.

Click on Active Shield Enterprise.

Click Assignments.

Click Add group.

Set Assignment type to Required then click Included Groups.

Click Select group to include and select the groups you want to include. Later, we will also assign the group the appropriate app configurations.

Click Select > OK > OK then hit Save.

Create Active Shield app configuration

Go to Client Apps > App configuration policies.

Click on Add and fill out the Name and Description fields.

Set Device enrollment type to Managed devices and set Platform to Android.

Click on Associated app.

Select Active Shield Enterprise and click OK.

Click on Configuration settings.

Select one of the Configuration settings format.

Use configuration designer
Enter JSON data
Use configuration designer

Set Configuration settings format to Use configuration designer.

Click Add.

Select all the Configuration keys and click OK.

Set the fields as follows.

CONFIGURATION KEY

VALUE TYPE

CONFIGURATION VALUE

Device ID

string

{{AzureADDeviceId}}

User

string

{{userprincipalname}}

App Server Address

string

https://yourtenant.bettermtd.com

Set the App Server Address to the BETTER MTD tenant URL. For example, if your BETTER MTD Console can be located at mycorp-new.bettermtd.com, set the App Server Address to https://mycorp.bettermtd.com(Note: remove the -new suffix and make sure to include https protocol)

Click Ok and Save.

‚Äč

Enter JSON data

Set Configuration settings format to Enter JSON data.

Copy-paste the following JSON into the text area.

Active Shield Android Enterprise Configuration JSON
{
"kind": "androidenterprise#managedConfiguration",
"productId": "app:com.better.active.shield.enterprise",
"managedProperty": [
{
"key": "better_udid",
"valueString": "{{AzureADDeviceId}}"
},
{
"key": "better_user",
"valueString": "{{userprincipalname}}"
},
{
"key": "better_server_url",
"valueString": "https://yourtenant.bettermtd.com"
}
]
}

Assign Active Shield app configuration

To assign the app configuration to your target group(s), click Assignments.

Click Select groups to include and select the groups you want to include. The group should also have the Managed Google Play Active Shield app assigned to it.

Click Select then Save.

Auto grant/deny permissions on behalf of the user [Optional]

SelectPermisssions.

Click Add. and select Location access (fine) & Location access (coarse).

Click OK and set the permissions state to either Auto-grant or Auto deny as per your use-case.

Click OK and you're done configuring up the permissions.