Release 2021-10-13 of the Blue Cedar Platform adds support for Blue Cedar's No-Code Integration Service for Enforce which embeds Blue Cedar Enforce app security into mobile apps without writing code. Blue Cedar Enforce is not dependent on any unified endpoint management (UEM) solution and provides protection for data in mobile apps on managed and unmanaged devices.  App security controls that are enabled by this no-code integration include Data Encryption, Device Posture, Data Loss Prevention, and Authentication.  Additionally, this release introduces the multi-tenant app capability for the Microsoft Intune Service using the Azure AD authentication configuration.  See the referenced online documentation pages for more information, or click Help when you’re logged into the Blue Cedar platform.


Blue Cedar Enforce no-code integration  

Blue Cedar's No-Code Integration Service for Enforce integrates Blue Cedar Enforce app security to an app with a pre-configured collection of app security policies.  Available app security policy controls that can be pre-configured into an integrated app include:

  • Data Encryption which uses device-independent encryption to protect data-at-rest.

  • Device Posture which requires various attributes (e.g., minimum OS version, jailbreak/root detection, device screen lock) be met prior to allowing the app to execute.

  • Data Loss Prevention (DLP) which prevents copy/paste between protected and unprotected apps

  • Authentication (e.g., fingerprint, require PIN/passphrase, etc.)
 for device screen lock

Blue Cedar Connect  

Blue Cedar Connect enables secure access to corporate data with an in-app VPN that is optimized for mobile environments.  When the Blue Cedar Enforce extension is enabled, it provides the option to embed the Blue Cedar Connect in-app VPN client.  The in-app VPN client works with Blue Cedar Enforce and makes it easy for a mobile app to connect to resources behind the firewall, even if the app is running on an unmanaged device. 

  • Blue Cedar Connect for securing access to corporate data with an in-app VPN client. 

What do I need to do?

To use the Blue Cedar Enforce no-code integration, first enable the corresponding extensions and then add the steps to your workflows.

To add Enforce to a mobile app:

Microsoft Intune no-code integration - multi-tenant apps 

Blue Cedar's No-Code Integration Service for Microsoft Intune now supports configuration of the app to accept the multi-tenant sign-in for providing apps to many organizations using different Azure AD tenants.

What do I need to do?

To use the Microsoft no-code integration, first enable the corresponding extensions and then add the steps to your workflows.

To add Intune to a mobile app:

  • Enable the Intune extension listed under No-Code integration, as described in Extension - Microsoft Intune. You don't need to add any extension configurations for Intune.

  • Add the Intune workflow step to an App container under the App Enhancement stage in the Workflow Builder. Configure the step as described in No-Code Integration - Microsoft Intune.

  • For mulit-tenant, select that option in the Microsoft Intune configuration Step.

Additional notes on the Microsoft integrations:

  • While you can add Intune without having to include the Endpoint Manager in your Blue Cedar integration, you cannot add the Endpoint Manager step unless you've first added the Intune step.

  • The Microsoft and BlackBerry no-code integrations are mutually exclusive. Adding either of these steps to a workflow disables the other options. You can see options in new workflows for any extensions that have been enabled.

  • See Open issues/limitations with this MSAL release below for notes about MSAL feature support and migrating from the Active Directory Authentication Library (ADAL) to MSAL.

Resolved issues

Apps and workflows




Fixed a bug to support long app names.


Fixed a bug for loading the apps list with window resizing.

BlackBerry Service




Added validation for the GDApplicationID across workflow steps to support the BlackBerry UEM requirements.


Added a validation for the BlackBerry UEM extension configurations during create and update.

Microsoft Service




Added  checks in the Blue Cedar Connect sub-step to validate the certificate expiry date.





Fixed an issue to allow column sorting on the Artifacts page.


Fixed a bug to support long app names.  


Added the name of the app deleted in the notification message.


Fixed an issue to handle displays when loading workflow information on the Artifacts page.


Fixed a bug that prevented the warning icons next to a field on app binary details page from displaying tooltip details.