
Wrap Android LOB Apps to deploy Intune “Mobile Application Management” policies.


Prerequisites
Before you can wrap your LOB app, there are a few prerequisites that need to be taken care of first.
  • You must run the app wrapping tool on a Windows computer running Windows 7 or later.
  • Your input app must be a valid Android application package with the .apk file extension and:
    • Cannot be encrypted
    • Must not have already been wrapped by the app wrapping tool
    • Must be written for Android 4.0 or later
  • The app must be developed by or for your company. You cannot use this tool to process apps downloaded from the Google Play Store.
To run the app wrapping tool, you must install the latest version of the Java Runtime Environment and then ensure that the Java path variable has been set to C:\Program Files (x86)\Java\jre“xxxx” in your Windows environment variables.
Install the app wrapping tool
1.       Download the Intune App Wrapping Tool for Android from the following location: http://www.microsoft.com/en-us/download/details.aspx?id=47267
2.       Install the application on your system: accept the license terms and click Next.
3.       Let the tool be installed in the default location and click Install.
The default location is: C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool

App signing
Before we can go ahead and wrap an LOB app, we need to create a keystore with keytool.exe, which is included with Java Runtime Environment.
Open Command Prompt with “Run as administrator” and change to the bin folder of the Java installation directory, e.g. C:\Program Files (x86)\Java\jre“xxxx”\bin. In my case the directory is C:\Program Files (x86)\Java\jre1.8.0_101\bin.
1.       Run the command below. It generates the keystore and sets its password and validity.
keytool.exe -genkey -v -keystore AWT.keystore -alias AWT -keyalg RSA -keysize 2048 -validity 50000
The above command stores the keystore at “C:\Program Files (x86)\Java\jre1.8.0_101\bin\AWT.keystore”.
You can change the keystore name and the alias “AWT” to anything, but remember to change them in the later commands too.
2.       Once the above command is executed, you will be prompted to enter a password. Enter a password of your choice, but remember it, as it will be required during the app wrapping process.

Wrapping an app
Now that we’ve successfully installed all prerequisites for wrapping an app, let’s continue with some actual wrapping.
1.       On your machine, create the following folder structure:
a.       C:\AndroidApp\AppSource
b.       C:\AndroidApp\WrappedApp
2.       Place your app under the AppSource folder.
3.       Run Windows PowerShell as administrator and change the path to the installation directory of the app wrapping tool, i.e. C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool

4.       Import the app wrapping tool PowerShell module by running the following command.
Import-Module "C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool\IntuneAppWrappingTool.psm1"

5.       Once the module is imported successfully, run the command below to start the app wrapping.
Invoke-AppWrappingTool -InputPath "C:\AndroidApp\AppSource\YourApplication.apk" -OutputPath "C:\AndroidApp\WrappedApp\YourWrappedApplication.apk" -KeyStorePath "C:\Program Files (x86)\Java\jre1.8.0_101\bin\AWT.keystore" -KeyAlias AWT -SigAlg SHA1withRSA -Verbose

Note! Remember to change to your own apk file.

6.       Once this is executed, you will be prompted to enter the password. Enter the same password that you entered while generating the keystore.
Once your application is wrapped, you will get a success notification in the PowerShell window, and the wrapped application will be exported to the folder specified as “OutputPath”.

You can now add the wrapped application to the Intune portal and deploy MAM policies.
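The wrapping steps above as one PowerShell script with pre-flight checks and a post-wrap signature record, added here as an example and not part of the original post or the tool itself. It assumes PowerShell 4.0 or later, the paths and names used in this post, and that the wrapped APK carries a JAR-style signature that keytool can read.

```powershell
# Added example: check inputs, wrap, then record hashes and the signer certificate.
# Paths, keystore name and alias are the ones used in this post; adjust as needed.
$ErrorActionPreference = 'Stop'
$toolDir   = 'C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool'
$javaBin   = 'C:\Program Files (x86)\Java\jre1.8.0_101\bin'
$keytool   = Join-Path $javaBin 'keytool.exe'
$keystore  = Join-Path $javaBin 'AWT.keystore'
$alias     = 'AWT'
$inputApk  = 'C:\AndroidApp\AppSource\YourApplication.apk'
$outputApk = 'C:\AndroidApp\WrappedApp\YourWrappedApplication.apk'

# 1. Prerequisites that can be checked mechanically before the tool runs.
foreach ($path in $keytool, $keystore, $inputApk, (Split-Path $outputApk)) {
    if (-not (Test-Path -LiteralPath $path)) { throw "Missing: $path" }
}
if ([IO.Path]::GetExtension($inputApk) -ne '.apk') { throw 'Input must be an .apk file.' }
if (Test-Path -LiteralPath $outputApk) { throw "Refusing to overwrite $outputApk" }

# 2. Wrap; the tool prompts for the keystore password.
Import-Module (Join-Path $toolDir 'IntuneAppWrappingTool.psm1')
Invoke-AppWrappingTool -InputPath $inputApk -OutputPath $outputApk `
    -KeyStorePath $keystore -KeyAlias $alias -SigAlg SHA1withRSA -Verbose
if (-not (Test-Path -LiteralPath $outputApk)) { throw 'Wrapping produced no output file.' }

# 3. Read the signer certificate from the wrapped APK (no password needed).
#    Assumption: the output has a JAR-style signature readable by keytool.
$certText = (& $keytool -printcert -jarfile $outputApk) -join "`n"
if ($certText -match 'SHA256:\s*([0-9A-F:]+)') {
    $signer = $Matches[1]
} else {
    throw "No signer certificate found in $outputApk"
}

# 4. Emit one record to keep alongside the deployment.
[pscustomobject]@{
    InputSha256      = (Get-FileHash -LiteralPath $inputApk  -Algorithm SHA256).Hash
    OutputSha256     = (Get-FileHash -LiteralPath $outputApk -Algorithm SHA256).Hash
    SignerCertSha256 = $signer
    WrappedAt        = (Get-Date).ToString('s')
}
```

Compare SignerCertSha256 with the SHA256 fingerprint printed by `keytool.exe -list -v -keystore AWT.keystore -alias AWT`; the two should match. Android accepts an app update only when it is signed with the same certificate as the installed version, so keep the keystore and this record.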
