Read on to learn how to configure MDM with Box.
Microsoft Intune is one of the most popular Enterprise Mobility Management (EMM) providers.
For iOS, the enterprise admin (EA) can obtain Box apps (Box for EMM, Box Mobile) using the public App Store. When the EA acquires one of the apps, they can provision it through the admin console in Microsoft Intune.
For Android, an admin has to first connect to the managed Google Play store and approve the Company Portal app.
Start by adding a new app policy:
- Add app configuration policies for managed iOS/iPadOS devices.
- Choose Box for EMM or Box Mobile as the Targeted App.
- Use the configuration designer and enter the general and Intune-specific configuration keys/values.
If you’re using Intune for MAM and a third-party provider for MDM that doesn’t have User Principal Name as its variable, try using the Email variable instead.
Add a new protection policy
Proceed to add a new protection policy for your app. Choose Box for EMM or Box Mobile as the public app. Select all the appropriate settings in the next steps. Before you save your changes, make sure that all the settings are correct and assigned to the right group.
Box for EMM is restricted to MDM-managed devices only; this is a default feature of Box for EMM. Users can log in to Box for EMM only if their account was provisioned with the Microsoft Intune admin console. They have to use their enterprise credentials.
You can make sure that users access Box through Box for EMM.
To do so:
- Go to the Admin console > Apps.
- Find iOS Apps in the Official Box Apps section.
- Disable the following apps by toggling the radio button next to them:
  - Box for iPhone
  - Box for iPad
  - Capture for iOS (EOL: Aug 30, 2024)
- Scroll down to Mobile web and accessibility and disable Box.com mobile site. Make sure that Box for iPhone (EMM) and Box for iPad (EMM) are enabled.
If you deployed any other Box apps, or you have an Android solution, check if you want to disable any additional apps.
Changing the above settings prevents the enterprise’s users from accessing the regular (unmanaged) Box for Mobile app and mobile site. Make sure you notify your Box users before taking this action.
Start by connecting your Intune account to the Android Enterprise account. For more information, see the Android Enterprise documentation and the Intune documentation. Then, approve your company portal in the managed Google Play store and confirm that it works. Ensure that all approved apps are synced and have the policies/assignments set up for the app.
App configuration policy
Validate that Box for EMM or Box for Mobile is visible in the Play Store. Download it and check that it’s available in the Workspace app. Your users can now open the app and log in.
| A user managed by Microsoft Intune requests to log in to the Box for EMM app that was provisioned with Microsoft Intune. | User logs in successfully. |
| A user managed by Microsoft Intune requests to log in to the Box for EMM app that they installed directly from a public app store. | The user can’t log in, as the Public ID configured in the Microsoft Intune admin console isn’t pushed to the Box for EMM app installed from a public app store. |
| A user backs up the app on one device and attempts to restore it on another device. | The user can’t log in, as the Box for EMM app validates the one time token and determines that the app was not provisioned with Microsoft Intune. |
| A Box user who is not a part of the enterprise deployment of Box for EMM requests to log in to the Box for EMM app provisioned with Microsoft Intune. | The user can’t log in, as their login info doesn’t match the Public ID in the Box for EMM app. |
| The enterprise admin issues a selective wipe to a device managed by Microsoft Intune. | The offline corporate data is removed from the managed device. |
| The Box user un-enrolls their device from Microsoft Intune. | The Box for EMM app is removed from the device. |