Microsoft Intune integration for mobile app management

TRUETECH is engaged in the development, support and maintenance of iOS, Android, PWA mobile applications. We have extensive experience and expertise in publishing mobile applications in popular markets like Google Play, App Store, Amazon, AppGallery and others.

Integrating Microsoft Intune for Mobile App Management

Intune is the de facto standard EMM for Microsoft-oriented organizations. For an organization already running Azure AD, Office 365 and Teams, Intune is the logical choice: a single console, Conditional Access at the Azure AD level, and native Defender for Endpoint integration. For a mobile app, integration means MAM SDK support or App Wrapping, plus correct MSAL token handling that takes device compliance status into account.

Azure AD App Registration

The first step is an App Registration in the Azure Portal. Without a correct registration, Intune can't apply policies.

Minimum settings:

  1. Create App Registration in Azure AD.
  2. Add API Permissions: DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All.
  3. Add IntuneMAM in Redirect URI: msauth.{bundle-id}://auth.
  4. Enable Public client flows for mobile.
  5. In the Intune Portal, add the app to an App Protection Policy and assign it to groups.

MSAL: Authentication with Conditional Access

MSAL (Microsoft Authentication Library) is the replacement for ADAL and is mandatory for modern Intune.

iOS (Swift):

import MSAL
import UIKit

// Configure the MSAL client and start an interactive sign-in.
func signIn(from viewController: UIViewController) throws {
    let authorityURL = URL(string: "https://login.microsoftonline.com/YOUR_TENANT_ID")!
    let config = MSALPublicClientApplicationConfig(
        clientId: "YOUR_CLIENT_ID",
        redirectUri: "msauth.com.company.app://auth",
        authority: try MSALAADAuthority(url: authorityURL)
    )
    let application = try MSALPublicClientApplication(configuration: config)

    let webParameters = MSALWebviewParameters(authPresentationViewController: viewController)
    let interactiveParameters = MSALInteractiveTokenParameters(
        scopes: ["https://graph.microsoft.com/.default"],
        webviewParameters: webParameters
    )

    application.acquireToken(with: interactiveParameters) { result, error in
        guard let result = result else {
            // Sign-in failed or was cancelled: inspect `error`, grant no access
            return
        }
        // result.accessToken for API requests
        _ = result.accessToken
    }
}

Conditional Access works automatically: if the device is non-compliant (old OS, jailbreak as reported by Intune), MSAL receives an MSALError with the conditionalAccessClaim code, and the app should reacquire the token with the additional claims. No manual logic is needed: MSAL v1.1+ handles the CA challenge automatically.

Intune MAM SDK: Key Integration Points

After adding IntuneMAMSwift (iOS) or intune-mam-sdk (Android), several integration points are mandatory:

Account registration after auth:

// After successful MSAL login
IntuneMAMEnrollmentManager.instance().loginAndEnrollAccount(userPrincipalName)

Enrollment callback:

class MAMEnrollmentDelegate: NSObject, IntuneMAMEnrollmentDelegate {
    // Called by the SDK with the result of an enrollment request
    func enrollmentRequest(with status: IntuneMAMEnrollmentStatus) {
        switch status.statusCode {
        case .enrollmentSuccess:
            // Policies applied
            break
        case .enrollmentFailed:
            // Show error, limit access
            break
        case .unenrollmentSuccess:
            // Selective wipe completed
            break
        default:
            // Any other status: keep access limited
            break
        }
    }
}

Check policy before action:

let policyManager = IntuneMAMPolicyManager.instance()
if policyManager.policy(forIdentity: userUPN).isSaveToPersonalAllowed(for: .camera) {
    // Allow Camera Roll save
} else {
    showRestrictedActionAlert()
}

Managed App Configuration via Intune

In the Intune Portal, each app can have a Configuration Policy: a key/value dictionary that the app reads via UserDefaults.standard.dictionary(forKey: "com.apple.configuration.managed") (iOS) or RestrictionsManager (Android).

Typical parameters:

<dict>
    <key>BackendURL</key>
    <string>https://api.corp.example.com</string>
    <key>TenantID</key>
    <string>corp-tenant-001</string>
    <key>EnableVerboseLogging</key>
    <false/>
    <key>SessionTimeoutMinutes</key>
    <integer>30</integer>
</dict>

The app checks the managed config on every launch, which allows IT to change parameters without an app update.
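One way the launch-time check could validate these four keys before the app uses them, so that a malformed policy fails closed. This is an added example, not code from the original page or from Microsoft's SDK; the ManagedConfig type, the parseManagedConfig function and the timeout bounds are assumptions made for illustration.

```swift
import Foundation

// Hypothetical types for this example; they are not part of the Intune SDK.
struct ManagedConfig {
    let backendURL: URL
    let tenantID: String
    let verboseLogging: Bool
    let sessionTimeoutMinutes: Int
}

enum ManagedConfigError: Error {
    case notManaged                 // no managed dictionary was delivered to the app
    case missingOrWrongType(String) // key absent or not the expected plist type
    case insecureBackendURL(String) // not https, no host, or embedded credentials
    case timeoutOutOfRange(Int)
}

func parseManagedConfig(_ raw: [String: Any]?) throws -> ManagedConfig {
    guard let raw = raw else { throw ManagedConfigError.notManaged }

    // Fetch a key and require the expected type; a missing key or unexpected type is rejected.
    func require<T>(_ key: String) throws -> T {
        guard let value = raw[key] as? T else { throw ManagedConfigError.missingOrWrongType(key) }
        return value
    }

    let urlString: String = try require("BackendURL")
    guard let url = URL(string: urlString), url.scheme?.lowercased() == "https",
          url.host?.isEmpty == false, url.user == nil else {
        throw ManagedConfigError.insecureBackendURL(urlString)
    }
    let tenantID: String = try require("TenantID")
    guard !tenantID.isEmpty else { throw ManagedConfigError.missingOrWrongType("TenantID") }

    let timeout: Int = try require("SessionTimeoutMinutes")
    // Assumed bounds for illustration: 1 minute to 24 hours.
    guard (1...1440).contains(timeout) else { throw ManagedConfigError.timeoutOutOfRange(timeout) }

    // Verbose logging is optional and defaults to off when the key is absent.
    let verbose = (raw["EnableVerboseLogging"] as? Bool) ?? false
    return ManagedConfig(backendURL: url, tenantID: tenantID,
                         verboseLogging: verbose, sessionTimeoutMinutes: timeout)
}

// Constructed sample mirroring the plist above; on a device, pass
// UserDefaults.standard.dictionary(forKey: "com.apple.configuration.managed") instead.
let sample: [String: Any] = ["BackendURL": "https://api.corp.example.com", "TenantID": "corp-tenant-001",
                             "EnableVerboseLogging": false, "SessionTimeoutMinutes": 30]
let config = try parseManagedConfig(sample)
print(config.backendURL.host ?? "", config.sessionTimeoutMinutes)
```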

Defender for Endpoint Integration

If the organization uses Defender for Endpoint, Intune receives mobile threat signals: jailbreak, malicious networks, vulnerable apps. Conditional Access uses these signals to block tokens.

The Defender SDK is embedded in the app, runs in the background and sends threat events to MDE; Intune then receives the compliance status. From the app's perspective it is a separate dependency with no changes to the main logic.

Integration Stages

Azure AD App Registration → MSAL setup → Intune MAM SDK → enrollment lifecycle → Managed App Configuration → App Protection Policy in Intune Portal → Conditional Access testing → selective wipe testing → rollout.

Timeline: integrating MSAL and the MAM SDK into an existing app takes 3–5 weeks. With Intune Portal setup, policies and testing, 6–8 weeks. Cost is calculated individually.