Welcome to the new Box Support website. Check out all the details here on what’s changed.

Box Status
Print

MDM

Mobile , Mobile - iOS , Mobile - Android

Read on to learn how to configure MDM with Box.

Microsoft Intune

Microsoft Intune is one of the most popular Enterprise Mobility Management (EMM) providers.

For iOS, the enterprise admin (EA) can obtain Box apps (Box for EMM, Box Mobile) using the public App Store. When the EA acquires one of the apps, they can provision it through the admin console in Microsoft Intune.

For Android, an admin has to first connect to the managed Google Play store and approve the Company Portal app.

Configure iOS

Start with adding a new app policy:

  1. Add app configuration policies for managed iOS/iPadOS devices.
  2. Choose Box for EMM or Box Mobile as the Targeted App.
  3. Use the configuration designer and enter the general and Intune-specific configuration keys/values.
Note:
 If you’re using Intune for MAM and a third-party provider for MDM that doesn’t have User Principal Name as its variable, try using Email variable instead.

Add a new protection policy

Proceed to add a new protection policy for your app. Choose the Box for EMM/Box Mobile as the public app. Select all the appropriate settings in next steps. Before you save your changes, make sure that all the settings are correct and assigned to the right group.

Box configuration

Note:
Box for EMM is restricted to only MDM managed devices - it’s a default feature in Box for EMM. The users can log into Box for EMM only if their account was provisioned with the Microsoft Intune admin console. They have to use their enterprise credentials.

You can make sure that users access Box through Box for EMM.

To do so:

  1. Go to the Admin console > Apps.
  2. Find iOS Apps in the Official Box Apps section.
  3. Disable the following apps by toggling the radio button next to them:
    1. Box for iPhone
    2. Box for iPad
    3. Capture for iOS (EOL: Aug 30, 2024)
  4. Scroll down to Mobile web and accessibility and disable Box.com mobile site. Make sure that Box for iPhone (EMM) and Box for iPad (EMM) are enabled.

If you deployed any other Box apps, or you have an Android solution, check if you want to disable any additional apps.

Note:
Changing the above settings prevents the enterprise’s users from accessing the regular (unmanaged) Box for Mobile app and mobile site. Make sure you notify your Box users before taking this action.

Configure Android

Start with connecting your Intune account to the Android Enterprise account. For more information, see Android Enterprise documentation and Intune documentation. Then, approve your company portal in the managed Google Play store and confirm that it works. Ensure that all approved apps are synced and have the policies/assignments set up for the app.

App configuration policy

Enter the general and Intune-specific configuration keys and their values in configuration settings.

Validate if Box for EMM or Box for Mobile is visible in the Play Store. Download it and check if it’s available in the Workspace app. Your users can now open the app and log in.

User scenarios

Scenario Outcome
A user managed by Microsoft Intune requests to log in to the Box for EMM app that was provisioned with Microsoft Intune. User logs in successfully.
A user managed by Microsoft Intune requests to log in to the Box for EMM app that they installed directly from a public app store. The user can’t log in, as the Public ID configured in the Microsoft Intune admin console isn’t pushed to the Box for EMM app installed from a public app store.
A user backs up the app on one device and attempts to restore it on another device. The user can’t log in, as the Box for EMM app validates the one time token and determines that the app was not provisioned with Microsoft Intune. 
A Box user who is not a part of the enterprise deployment of Box for EMM requests to log in to the Box for EMM app provisioned with Microsoft Intune. The user can’t log in, as their login info doesn’t match the Public ID in the Box for EMM app.
The enterprise admin issues a selective wipe to a device managed by Microsoft Intune.  The offline corporate data is removed from the managed device.
The Box user un-enrolls their device from Microsoft Intune.  The Box for EMM app is removed from the device. 

Related articles