by Contributed | Apr 22, 2021 | Technology
This article is contributed. See the original author and article here.
By Masaki Iwamaru – Service Engineer | Microsoft Endpoint Manager – Intune
Box for EMM is an app for the iOS platform developed by Box Inc. The Box for EMM app is intended for enterprise customers with mobile device management (MDM) solutions such as Microsoft Endpoint Manager – Microsoft Intune. The app provides secure access to data in Box cloud storage workspace with iOS devices.
When you integrate Box for EMM app with Intune, you can apply app protection policies (APP). This will enable the data protection features of the app built with the Intune App SDK. You can control data transfer between apps, restrict copy-paste between apps, set access requirements, and force conditional launch settings.
This blog post provides you a step-by-step guide on integrating Box for EMM app with Intune.
Note
There is a separate Box app that can be used for both personal and enterprise use. This article focuses on the Box for EMM app, which has supported Intune since 2015. Both the Box for EMM and Box app can access the same cloud storage space provided by the Box EMM Enterprise workspace.
Steps to integrate Box for EMM with Intune
Step 1. Add and deploy Box for EMM app to your employees.
Deploy the app using Intune. If end users install Box for EMM from the App Store and you haven’t deployed it to users or devices, they will not be able to sign-in to the app because the required app configuration policy is not applicable (see step 2).
To add Box for EMM to Intune:
- Sign into the Microsoft Endpoint Manager admin center.
- Go to Apps > iOS/iPadOS.
- Select + Add, choose iOS store app from the dropdown list, and then Select.
- Select Search the App Store and enter Box for EMM.
- Select to add the app to Intune.
After you add the app to Intune, deploy it by assigning the app to users and devices. Learn more about deploying apps in this article.
Tip
You can also deploy the Box for EMM app that’s purchased through the Apple Volume Purchasing Program (VPP).
Step 2. Create and deploy an app configuration policy.
This is a required configuration for the Box for EMM app. Otherwise end users won’t be able to sign into the app.
- Go to Apps > App configuration policies to create an app configuration policy.
- Select + Add and choose Managed devices from the list.
Note
Be aware you need to create and deploy an app configuration policy using a managed device. Managed apps won’t work for the Box for EMM app.
- Enter a policy name in Name and choose iOS/iPadOS from the Platform list.
- For Targeted app, Select app, and then choose Box for EMM from the list.
Figure 1. Box for EMM policy in the Microsoft Endpoint Manager admin center
Go to the Settings tab.
Choose Use configuration designer from the Configuration settings format list and specify the following values from the XML property list.
Configuration key
|
Value type
|
Configuration value
|
Public ID
|
String
|
<The value provided by Box.com>
|
Management ID
|
String
|
AnyString
|
Intune Enterprise
|
String
|
1
|
com.box.mdm.oneTimeToken
|
String
|
AnyString
|
userprincipalname
|
String
|
{{userprincipalname}}
|
Figure 2. App configuration policy settings
- Then deploy the policy to users and devices. These assignments are usually identical to the ones for the Box for EMM app.
Step 3. Create and deploy an app protection policy (APP) for the Box for EMM app.
You can create a new app protection policy for iOS and iPad operating systems (OS) or use an existing one. Here are a few best practices:
- Make sure that the Box for EMM app is included in the Targeted apps list of the policy.
- Set Target to apps on all device types to Yes in app protection policies to avoid misconfigurations. If you set it to No, you might need to deploy the IntuneMAMUPN key. This often overlooked by administrators, so I recommend setting it to Yes.
Figure 3. App configuration policy settings
- Make sure the policy is assigned to the correct users. App protection policies should be assigned to users instead of devices.
Step 4. install the Box for EMM app to iOS/iPadOS using Intune.
Make sure both the app and the app configuration policy are deployed. You can check deployment status in the Microsoft Endpoint Manager admin center.
Step 5. Launch the Box for EMM app.
You will see the Microsoft Azure Active Directory (Azure AD) sign-in screen. The user name is automatically populated. It should be the same as the user who enrolled the device. Enter the password for the user and app protection policy will be applied. Then you will see an app restart request.
Step 6. Relaunch the app.
When you relaunch the app, it might ask you to set an app PIN. Then you will see a login screen for the Box for EMM app. Sign in with your Box account. Now you can use the app with Intune app protection.
Frequently asked questions (FAQs)
In summary, here are common issues to be aware of when you’re integrating Box for EMM app with Intune:
The Box for EMM app is not installed on iOS devices.
Make sure you assigned the app to the correct groups. You can check app installation status in Device install status in each app or Managed Apps in each device.
If you use VPP for app deployment, make sure the VPP token is valid, and you have enough app licenses.
App configuration policy for Box for EMM app shows Not applicable.
Ensure that the Box for EMM app is installed using Intune instead of the App Store.
Check that the app configuration policy targets the Box for EMM app that you are deploying. Sometimes it targets the incorrect applicationID of the same app name because you have multiple Box for EMM apps in the Microsoft Endpoint Manager admin center or you have deleted and re-added the app.
Note
The app configuration policy type should be Managed devices instead of Managed apps.
App protection policy is not applied after sign-in.
Make sure the policy is assigned to correct users. App protection policy should be assigned to users instead of devices.
Be sure that Target to apps on all device types is set to Yes.
It can take time for the policy to be applied if end users are signed-in to the app before the policy assignment. This article provides more information about expected policy delivery timing.
How can I get Public ID for my Box tenant?
Public ID is provided by Box, Inc. for your tenant. Contact Box support for this information
- Should I set up single sign-on (SSO) between Azure AD and Box service?
You can use Box for EMM features without SSO integration. While it is optional, SSO provides a simplified and excellent user experience. Check out this article to learn about SSO integration guidance.
I want to allow access with Box for EMM app only while blocking personal Box app.
You can use the iOS device restriction profile to hide and disable the Box for EMM app. The Show or hide apps setting is applicable only to supervised iOS devices.
There is also a setting for enabling and disabling Official Box Apps in Box Admin Console – Apps.
I want to disable Files app functionality on iOS devices to prevent unintended file sharing.
Intune doesn’t have this setting. There is a setting for disabling Files app functionality in Box Admin Console – Enterprise Settings – Mobile.
Are there recommended settings for the Box for EMM app?
The following recommended settings allow end users to open, modify, and save files directly in Box storage with Microsoft Office applications.
Setting name
|
Value
|
Send Org data to other apps
|
Policy managed apps with OS sharing
|
Receive data from other apps
|
All Apps with incoming Org Data
|
Save copies of Org data
|
Block
|
Allow user to save copies to selected services
|
Select locations you want to save org data into
|
We also recommend adding the following key/value pair in the app configuration policy.
Key
|
Value (is you’re using Intune as the MDM)
|
IntuneMAMUPN
|
{{UserPrincipalName}}
|
The actual value specified for the IntuneMAMUPN key depends on the MDM provider you are using. You can find examples of the value you should enter for a third-party MDM provider in this article.
More info and feedback
For further resources on this subject, please see the links below.
iOS/iPadOS app protection policy settings
Validate your app protection policy setup
Create and deploy app protection policies
Set up app protection policies for iOS devices
Let us know if you have any questions by replying to this post or reaching out to @IntuneSuppTeam on Twitter.
by Contributed | Apr 22, 2021 | Technology
This article is contributed. See the original author and article here.
Final Update: Thursday, 22 April 2021 17:34 UTC
We’ve confirmed that all systems are back to normal with no customer impact as of 04/22, 17:01 UTC. Our logs show that the incident started on 04/22, 16:11 UTC and that during the 50 minutes that it took to resolve the issue some of the customers might have experienced data access issues and delayed or missed Log Search Alerts in East US region.
- Root Cause: The failure was due to an issue in one of our backend services.
- Incident Timeline: 50 minutes – 04/22, 16:11 UTC through 04/22, 17:01 UTC
We understand that customers rely on Azure Log Analytics as a critical service and apologize for any impact this incident caused.
-Saika
by Contributed | Apr 22, 2021 | Technology
This article is contributed. See the original author and article here.
Today we’re pleased to announce the commercial preview of Microsoft Office Long Term Servicing Channel (LTSC) for Windows and Office 2021 for Mac. The next perpetual version of Office for commercial customers is built specifically for organizations running regulated devices that cannot accept feature updates for years at a time, process control devices that are not connected to the internet in manufacturing facilities, and specialty systems that must stay locked in time and require a long-term servicing channel. Office LTSC will provide the familiar productivity tools you have experienced with Office 2019, now with faster performance and expanded accessibility. You can preview Office LTSC and Office 2021 for Mac starting today.
Office LTSC will include features from past Office releases as well as a subset of new features already available in Microsoft 365 Apps for enterprise. As we announced in February, Office LTSC, like Windows 10 LTSC, will be supported for five years and continue being governed by the Fixed Lifecycle Policy. To learn more about other changes for Office LTSC read our February announcement.
Office LTSC will be deployed using Click-to-Run exclusively, just like Office 2019, so IT admins can take advantage of modern deployment technology to help reduce costs. Office 2021 for Mac will use the standard Apple Package format (pkg) – the same technology that we have used for previous perpetual releases, including Office 2019 for Mac and Office 2016 for Mac. To understand additional system requirements for Office LTSC and Office 2021 for Mac, read the FAQ.
Microsoft 365 Apps continues to deliver the most productive and most secure Office experience, offering the lowest Total Cost of Ownership (TCO) for deployment and management. In another recent announcement, we shared how Microsoft 365 Apps can also be used in organizations with employees going offline for longer periods of time or using shared devices or workstations. However, Office LTSC will be a valuable upgrade for customers who need to keep their Office Apps on-premises.
This is the first in a series of preview announcements for the on-premises wave, and in the coming months we’ll also announce commercial previews for SharePoint and Project Server. For instructions on how to install the Office LTSC and Office 2021 for Mac preview, go here.
Continue the conversation by joining us in the Microsoft 365 Tech Community! Whether you have product questions or just want to stay informed with the latest updates on new releases, tools, and blogs, Microsoft 365 Tech Community is your go-to resource to stay connected!
by Contributed | Apr 22, 2021 | Technology
This article is contributed. See the original author and article here.
News and interests on the taskbar will begin rolling out to Windows 10 users today. We are taking a measured approach starting with the April 2021 Cumulative Update Preview for Windows 10, and broad availability will occur in phases. Devices running Windows 10, version 1909 (and later) who have installed the May 2021 Windows monthly update (or later) will be included in this phased rollout.
Today, on the Windows Experience blog, we announced that news and interests will be available on the Windows taskbar in the coming weeks. Designed to help Windows users stay up to date, at a glance, with weather, news, and more, this experience was first introduced to Windows Insiders in the Dev Channel in January and we have since been optimizing the experience based on Insider feedback.
When the experience rolls out to their devices, users will see a personalized weather forecast based on their location on the taskbar. To quickly check in on the latest headlines, weather, sports, and more, they can simply open news and interests, get caught up, and get back to what they were doing.
News and interests on the Windows taskbar offers personalized content at a glance
The information shown in news and interests is personalized for individual users. Users can customize the content they see, enabling scenarios like the following:
- Keep an eye on nearby weather and traffic that may impact a commute.
To change the location shown for weather and traffic updates, select More options (…) on the Weather or Traffic card, and select Edit Location.
- Follow a topic related to professional or personal interests.
Follow a specific topic related to an industry, job role, or subject to learn more about. To follow a specific topic, select Manage Interests and select or search for a topic.
- Get personalized updates on stocks.
Keep an eye on major market indicators, see top gainers or losers, or create a watch list of stocks to see updates throughout the day.
- Share, save or see more stories.
Select More options (…) on headlines and articles in news and interests on the taskbar to share them with others or save them to read later. Users can also request to see more or fewer stories like the ones shown.
In addition, the appearance of news and interests on the taskbar can be customized. Users can choose to right click or long press a blank space on the taskbar and select News and interests to customize. They can choose Show icon and text or, to save taskbar space, select Show icon only. Users can also select Turn off to unpin news and interests. For more information on customizing news and interests, see the Support page
Manage news and interests on the taskbar with policy
In addition to personalization for individual users, Windows and Microsoft 365 IT admins can easily manage the way news and interests on the taskbar is configured for the devices they manage.
To manage news and interests on the taskbar with Group Policy, locate:
Computer Configuration > Administrative Templates > Windows Components > News and interests > Enable news and interests on the taskbar
The news and interests setting in Group Policy
Through this policy, you can disable or enable the news and interests experience on the taskbar. If you leave the setting as “Not configured” the experience will be enabled by default.
- Enabled – News and interests will be allowed on the taskbar. The settings UI will be present in the Taskbar context menu, and users will be able to turn it off or switch modes.
- Disabled – News and interests will be turned off completely, and the settings UI in the Taskbar context menu will be removed.
Configuring news and interests via Group Policy
Microsoft Endpoint Manager offers the same policy configuration options:
Configuring news and interests policy in Microsoft Endpoint Manager
Learn more
For more information on configuring the news and interests experience for your users, please see the Policy CSP – Experience article in Windows client mobile device management documentation.
by Contributed | Apr 22, 2021 | Technology
This article is contributed. See the original author and article here.
We are excited to announce Azure Storage Day, a free digital event on April 29, 2021, where you can explore cloud storage solutions for all your enterprise workloads. Join us to:
- Understand cloud storage trends and innovations—and plan for the future.
- Map Azure Storage solutions to your different enterprise workloads.
- See demos of Azure disk, object, and file storage services.
- Learn how to optimize your migration with best practices.
- Find out how real customers are accelerating their cloud adoption with Azure Storage.
- Get answers to your storage questions from product experts.
This digital event is your opportunity to engage with the cloud storage community, see Azure Storage solutions in action, and discover how to build a foundation for all of your enterprise workloads at every stage of your digital transformation.
The need for reliable cloud storage has never been greater. More companies are investing in digital transformation to become more resilient and agile in order to better serve their customers. The rapid pace of digital transformation has resulted in exponential data growth, driving up demand for dependable and scalable cloud data storage services.
Register here.
Hope to see you there!
– Azure Storage Marketing Team
Recent Comments