Allowing Strety Mobile App Via MS Entra and Intune Policies

Written by Kristian Munoz

This guide is for Strety clients that have natively set up Intune within their Microsoft environment but have not yet configured it to work with Strety.

For clients that do not have Intune, this guide will not affect their current app experience. This guide assumes that the client has already set up Entra and Intune but has not added Strety-specific rules.

NOTE: This only applies to the iOS mobile app at this time. We are in the process of releasing support for Android mobile apps.


In this video, you’ll learn how to:

  • Grant admin consent for the Strety Enterprise App

  • Include the Strety iOS app in Entra CA policies

  • Include the Strety iOS app in Intune policies


Prerequisites

  • Global Admin access for Microsoft tenant

    • Conditional Access Policies enabled

    • Microsoft Security Defaults disabled (This is required in order to enable Conditional Access Policies above)

  • Security Groups

    • Note: We recommend setting up a separate security group for testing purposes before rolling out policies to the entire organization


Granting Admin Consent for Strety Enterprise App

Entra handles identity and access management. This is where you set up and manage users, groups, apps, and access permissions within your Microsoft tenant.

  1. Navigate to Entra admin center: https://entra.microsoft.com/#home

  2. Navigate to Enterprise Apps

    • A) Enterprise Applications

    • B) All Applications > Strety

    • C) Permissions

    • D) Ensure that the "Microsoft Mobile Application Management" API permission is listed

    • E) Click "Grant Admin Consent for Strety"



Setting up Conditional Access Policies

Conditional access policies dictate what applications your users are allowed to access with their organization accounts. If you already have conditional policies for specific applications, you can either add Strety or create a separate policy entirely to target Strety.

To create a new Policy for Strety:

  1. Within the Entra portal, navigate to Conditional Access

  2. Go to policies

  3. Select new Policy

  4. Name the new Policy "Strety Application Access"

  5. For Assignments, you can apply this policy either to all users in your organization or to specific users/groups.

  6. For Target Resources, under the include tab, choose Select Resources and add Strety

  7. For the Conditions tab, you can configure this according to your company's needs (you can restrict the policy to only apply if personnel try to sign in with their iOS devices)

  8. Under the Access control tab

    1. Select Grant access

    2. Select Require App Protection Policy

  9. You can now enable the policy directly, but it is recommended to choose "Report only" if you wish to test it before rolling it out to the entire organization.
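A way to double-check the finished policy against the steps above, as an added example that is not part of Strety's or Microsoft's own material. It assumes the policy has been exported as JSON in the Microsoft Graph conditionalAccessPolicy shape; the Strety application ID and the group ID are placeholders, and both sample policies are constructed.

```python
# Added example: audit an exported Conditional Access policy against this guide's steps.
STRETY_APP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, not Strety's real app ID

def audit_strety_policy(policy, strety_app_id=STRETY_APP_ID):
    """Return a list of findings; an empty list means the policy matches the guide."""
    findings = []
    cond = policy.get("conditions") or {}
    apps = (cond.get("applications") or {}).get("includeApplications") or []
    if strety_app_id not in apps and "All" not in apps:
        findings.append("Strety is not in the targeted resources (step 6)")
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    # "Require app protection policy" is the compliantApplication control in Graph.
    if "compliantApplication" not in controls:
        findings.append("'Require app protection policy' is not a grant control (step 8)")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        findings.append("operator OR lets another control satisfy the grant (step 8)")
    platforms = (cond.get("platforms") or {}).get("includePlatforms") or []
    if platforms and not {"iOS", "all"} & set(platforms):
        findings.append("platform condition does not cover iOS (step 7)")
    include_users = (cond.get("users") or {}).get("includeUsers") or []
    state = policy.get("state")
    if state == "disabled":
        findings.append("policy is disabled (step 9)")
    elif state == "enabled" and "All" in include_users:
        findings.append("enforced for all users with no report-only or test-group phase (step 9)")
    return findings

# Constructed sample exports; the group ID is hypothetical.
GOOD = {"displayName": "Strety Application Access",
        "state": "enabledForReportingButNotEnforced",  # "Report only" in the portal
        "conditions": {"users": {"includeGroups": ["11111111-1111-1111-1111-111111111111"]},
                       "applications": {"includeApplications": [STRETY_APP_ID]},
                       "platforms": {"includePlatforms": ["iOS"]}},
        "grantControls": {"operator": "OR", "builtInControls": ["compliantApplication"]}}
BAD = {"displayName": "Strety Application Access",
       "state": "enabled",
       "conditions": {"users": {"includeUsers": ["All"]},
                      "applications": {"includeApplications": [STRETY_APP_ID]},
                      "platforms": {"includePlatforms": ["android"]}},
       "grantControls": {"operator": "OR", "builtInControls": ["approvedApplication"]}}

if __name__ == "__main__":
    for name, pol in (("good", GOOD), ("bad", BAD)):
        print(name, audit_strety_policy(pol) or "matches the guide")
```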



Setting up Intune

Intune handles mobile device and app management. This is where teams manage how users access applications on their devices using their Microsoft org accounts. Whether your company chooses MDM or MAM deployment is up to your organization.


To set up Strety within Intune as a brand new policy:

  1. Navigate to the Intune admin center

  2. Go to Apps -> Protection -> Policies

  3. Select Create and choose which platform this policy applies to

  4. For this scenario, we're setting up the Intune policy to only apply to iOS devices

  5. Name the policy "Strety iOS intune setup"

  6. Under custom apps, go to "Select custom apps"

  7. Under Bundle ID, add com.strety.strety-ios

  8. After adding the Bundle ID, make sure it is selected and Click "Select"

This can be confirmed after the bundle ID has been added under custom apps


  9. Hit Next and go to Data Protection. You can modify these settings according to your company's needs or leave them as default

  10. The same applies to Access Requirements and Conditional launch

  11. In the Assignments tab, you can either select a test security group or use a security group that has all members in your organization

  12. In the Review + create tab, you can do a last check of the configuration before creating the policy.



Testing + troubleshooting the setup

Once the policies have been created for both Entra and Intune, you can test whether they are in place by asking users to uninstall the Strety application, reinstall it, and then sign in with their Microsoft account.

If a message appears indicating that "the organization is protecting data in this app", the Intune policies are now working and you can now roll this out to the whole organization.


Scenarios where the Intune deployment does not work:

  1. Entra application permissions were not added

  2. Intune delay in deployment (can take up to 8 hours for policies to take effect)

  3. User has not uninstalled Strety and re-installed Strety Mobile app

  4. Organization is not natively running Intune + Entra conditional access policies


To check error logs:

  1. In Entra, navigate to Users

  2. Go to a User that has been assigned the policy or is part of a security group with the policies applied

  3. Navigate to the Sign in logs tab

  4. Filter the application by "Strety"

  5. Check for any logs indicating a sign in failure

  6. If you see the Resource "Microsoft Mobile Application Management", this indicates that the Strety application in your organization is missing this API permission
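The same log check applied to an exported sign-in log, as an added example that is not part of Strety's or Microsoft's own material. It assumes the export uses the Microsoft Graph signIn field names; the sample records, users and error codes are constructed.

```python
import json

MAM_RESOURCE = "Microsoft Mobile Application Management"
POLICY_NAME = "Strety Application Access"  # policy name used in this guide

def _rec(time, user, app, resource, code, policies=()):
    """Build one constructed sign-in record in the assumed export shape."""
    return {"createdDateTime": time, "userPrincipalName": user,
            "appDisplayName": app, "resourceDisplayName": resource,
            "status": {"errorCode": code},
            "appliedConditionalAccessPolicies": list(policies)}

# Constructed sample export (not real tenant data).
SAMPLE_EXPORT = json.dumps([
    _rec("2025-01-10T14:02:11Z", "ana@contoso.example", "Strety", MAM_RESOURCE, 65001),
    _rec("2025-01-10T14:05:40Z", "ben@contoso.example", "Strety", "Microsoft Graph", 0,
         [{"displayName": POLICY_NAME, "result": "reportOnlySuccess"}]),
    _rec("2025-01-10T13:58:03Z", "cam@contoso.example", "Other App", MAM_RESOURCE, 50126),
    _rec("2025-01-10T13:50:27Z", "dee@contoso.example", "Strety", "Microsoft Graph", 53003,
         [{"displayName": POLICY_NAME, "result": "failure"}]),
])

def triage_strety_signins(export_json, app="Strety"):
    """Return one finding per failed sign-in to the app, oldest first."""
    findings = []
    for rec in json.loads(export_json):
        code = (rec.get("status") or {}).get("errorCode", 0)
        if rec.get("appDisplayName") != app or code == 0:
            continue  # other application, or a successful sign-in
        results = {p.get("displayName"): p.get("result")
                   for p in rec.get("appliedConditionalAccessPolicies") or []}
        if rec.get("resourceDisplayName") == MAM_RESOURCE:
            hint = "missing MAM API permission: grant admin consent for Strety"
        else:
            hint = "check the failure reason and the policy result"
        findings.append({"time": rec.get("createdDateTime"),
                         "user": rec.get("userPrincipalName"),
                         "error_code": code,
                         "policy_result": results.get(POLICY_NAME),
                         "hint": hint})
    return sorted(findings, key=lambda f: f["time"])

if __name__ == "__main__":
    for finding in triage_strety_signins(SAMPLE_EXPORT):
        print(finding)
```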
