Get All AIP encrypted files - SharePoint Online

One of the recent project merger and acquisition.  Technology - M365 tenant to Tenant migration Areas of consolidation 1. Mailboxes  2. SharePoint online data 3. OneDrive for Business data 4. Teams data migration 5. Security and Compliance Migration  Area of concern from security and compliance side was the encrypted files within EXO, SPO, Teams, ODB. Issue with encrypted data migration - end users will not be able to access the documents once the Source tenant is decommissioned.   Solution available -  Ask end users to unencrypt the data before migration  Alternet Solution - 1. Decrypt the files, mails using eDiscovery - This will give us output in PST format will is available for offline access, but the data in source will still be encrypted.  Decryption in eDiscovery - Microsoft Purview (compliance) | Microsoft Docs   2. Use Get-AIPfileLabel and Get-AIPFileLabel but in order to use this you must be aware of all the files paths.  Challenges -  1. We do not want end user intervention

Wrap Android LOB Apps to deploy Intune “Mobile Application Management” policies.

Prerequisites
Before you can go ahead and wrap your LOB app, there’s a few prerequisites that needs to be taken care of first.
  • You must run the app wrapping tool on a Windows computer running Windows 7 or later.
  • Your input app must be a valid Android application package with the extension .apk file and:
    • Cannot be encrypted
    • Must not have already been wrapped by the app wrapping tool
    • Must be written for Android 4.0 or later
  • The app must be developed by, or for your company. You cannot use this tool to process apps downloaded from the Google Play Store.
To run the app wrapping tool, you must install the latest version of the Java Runtime Environment and then ensure that the Java path variable has been set to C:\ProgramData  (x86)\Java\jre”xxxx” in your Windows environment variables.
Install the app wrapping tool
1.       Download the Intune App Wrapping Tool for Android from the following location: http://www.microsoft.com/en-us/download/details.aspx?id=47267
2.       Install the application on you system “Accept the license terms and click Next”
3.       Let the tool be installed in the default location and click Install.
The default location is: C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool

App signing
Before we can go ahead and wrap an LOB app, we need to create a keystore with keytool.exe, which is included with Java Runtime Environment.
Open Command prompt “Run as administrator” and change the path to the installation directory of Java. E.g. C:\ProgramData  (x86)\Java\jre”xxxx\bin” 














Like in my case the directory is C:\ProgramData  (x86)\Java\jre1.8.0_101\bin 
1.       Run the below command, this will help you to generate the Keystore and set the password and its validity.
keytool.exe -genkey -v -keystore AWT.keystore -alias AWT -keyalg RSA -keysize 2048 -validity 50000
The Above command stores Keystore under this path“C:\ProgramData(x86)\Java\jre1.8.0.101\bin\AWT.keystore
You can change the keystore and Alias name “AWT” to anything but remember to change the same in further commands too.
2.       Once the above command is successfully executed, you will be prompted to enter the password. Enter the password of your choice, but remember it as it will be required during executing the App wrapping process.

Wrapping an app
Now that we’ve successfully installed all prerequisites for wrapping an app, let’s continue with some actual wrapping.
1.       On your Machine create the following Folder structure.
a.       C:\AndroidApp\AppSource
b.       C:\AndroidApp\WrappedApp
2.       Place your app under the AppSource Folder
3.       Run Windows PowerShell as administrator and change the path to the installation directory of app wrapping tool I.E. C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool

4.       Import the app wrapping tool PowerShell module by running the following command.
Import-Module "C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool\IntuneAppWrappingTool.psm1"

5.       Once the module is imported successfully run the below command to start the app wrapping
Invoke-AppWrappingTool -InputPath " C:\AndroidApp\AppSource\YourApplication.apk" -OutputPath " C:\AndroidApp\WrappedApp\YourWrappedApplication.apk" -KeyStorePath "C:\Program Files (x86)\Java\jre1.8.0_101\bin\AWT.keystore" -KeyAlias AWT -SigAlg SHA1withRSA -Verbose

Note! Remember to change to your own apk file.

6.       Once this is executed you will be prompted to enter the password, enter the same password which you had entered while generating the keyStore
Once your application is wrapped you will get the successful notification on PowerShell window, and the Wrapped application will be exported to the Folder specified as “OutPutPath”

You can now Add Wrapped application to Intune Portal and deploy MAM policies successfully.





Comments

Post a Comment

Popular posts from this blog

Error - AttributeValueMustBeUnique in Azure AD connect sync

Error - QuarantinedAttributeValueMustBeUnique

Add members to office 365 Security Group Using PowerShell and CSV

Analyze Office 365 Message headers

Enforce MFA using CSV