The Blue Cedar Accelerator for Microsoft allows you to integrate the Microsoft Intune App SDK and the Microsoft Azure Active Directory Authentication Libraries (ADAL) into iOS and Android mobile apps. The integrated apps can then receive Microsoft Intune app protection policies and be managed by Intune.

Intune features

The Blue Cedar Accelerator for Microsoft supports these Intune app protection features:

  • Configure clipboard restrictions (that is, cut/copy/paste restrictions)
  • Enforce encryption on saved data 
  • Remotely wipe corporate data
  • Enforce the use of a managed browser (for example, require the Intune Managed Browser app to access corporate websites)
  • Enforce a PIN policy (using Azure ADAL to verify credentials)
  • Require users to sign in with a work or school account for app access (using Azure ADAL for SSO)
  • Check device health and compliance (jailbreak check on iOS, root detection on Android)

These Intune features are not supported:

  • Control users’ ability to move corporate files
  • Support multi-identity: coexistence of policy-managed (corporate) and unmanaged (personal) accounts in a single app
  • Remote access to on-premises applications through Azure Active Directory's Application Proxy

Authentication

The Blue Cedar Platform integrates a default Intune and ADAL configuration into your mobile apps. These services give you app protection and a single sign-on (SSO) experience that authenticates to cloud or on-premises Active Directory (AD).

You can also customize the Microsoft Azure settings for the Active Directory configuration and MDM authority.

To customize the Microsoft Azure settings for the Blue Cedar Accelerator, you need access to the Intune portal for your organization—the portal URL and an admin ID.

Secure Microtunnel

You can also use the Blue Cedar Platform to embed an in-app IKEv2 VPN client when you integrate an app with the Blue Cedar Accelerator for Microsoft. To do this, you need the Blue Cedar Accelerator for Secure Edge Connect, which is licensed separately, but is accessible from the UI for the Blue Cedar Accelerator for Microsoft. The in-app VPN client (also referred to as a Secure Microtunnel) uses an IKEv2 gateway to connect to network-protected resources such as a backend service or application.

  • The in-app VPN client is embedded into the app itself, making the entire secure connectivity aspect transparent to the end user. 
  • This IKEv2 gateway can be a third-party (IPsec-based) gateway or the Blue Cedar Connect Gateway.

The Secure Microtunnel has been validated to work with the Cisco ASA gateway but should work with any third-party IKEv2 gateway.

You can also upload one or more trusted SSL (X.509) certificates that an integrated app can then use when establishing an SSL connection with the servers it needs to access.

More information

For Blue Cedar details:

To configure Intune options, see the Microsoft Intune documentation: https://docs.microsoft.com/en-us/intune/