Overview

Webex supports integration with Enterprise Mobility Management (EMM) such Microsoft Intune, a cloud-based service that provides both Mobile Application Management (MAM) and Mobile Device Management (MDM) capabilities.

MAM software allows you to provision, configure and control access to mobile applications deployed in your organization. MDM software allows administrators to monitor, manage and secure corporate mobile devices used in your organization. Webex can be enrolled and managed on personal devices and corporate phones using MAM and MDM applications.

Deployment options

There are three deployment options available with Intune:

EMM with Mobile Device Management—All devices and corporate applications are enrolled in, and managed by the MDM application. Administrators create an app protection policy and apply it to Webex for Intune. This policy defines a set of rules to control sharing of corporate data. The app protection policy allows you to control the sharing of Webex data from both Android and iOS devices. Additionally, device restrictions can be configured to control data sharing from iOS devices.

See the Configuration Steps for more information.

EMM with Wrapped Application—In this deployment model, you can use an app wrapping tool to wrap the Webex app. The wrapped application files allow a MAM application to control how apps can be used on a mobile device. Users can download the wrapped and MAM managed version of the Webex App from the enterprise’s own app store or MAM app repository. The application protection policy controls the sharing of corporate data from the wrapped application.

See Create an Application Protection Policy for more information.

Wrapped versions of Webex apps (.IPA files for iOS, and .APK files for Android) are available from the mobile application management program.

EMM with Intune SDK Integration—We have added support for Intune SDK as a further deployment option. Using Intune SDK, we have created the Cisco Webex for Intune (SDK) app, available from the App store and Google play. In this deployment model, mobile devices are not MDM managed and enrollment is optional. Webex for Intune allows for the enforcement of app policies, such as on-demand VPN and use of work email. In this deployment model, download Webex for Intune from the App Store or Google Play and assign the application protection policy to control the sharing of data.

See Create an Application Protection Policy for more information.

Things to keep in mind

  • Ensure that you have Microsoft Endpoint Manager admin center access.

  • User must have a Webex account.

  • Ensure that users are created in your Active Directory and that users have been assigned Intune licenses.

  • If Android devices are enrolled, ensure that they are enrolled in Intune with a Work profile and that they are compliant with your organization's compliance policy.

Configuration Steps

Set up Webex for Intune with managed devices.

  1. Add Webex for Intune for Android.

  2. Add Webex for Intune for iOS.

  3. Check Application Installation Status.

  4. Create an Application Protection Policy.

  5. Check Appllication Protection Policy.

  6. Approve User Access.

1

Sign in to Microsoft Endpoint Manager Admin Center.

2

In the left pane, select Apps, and under Platform choose Android.

3

Click Add.

Webex for Intune can be deployed from the Store app in two ways:

  • Managed Google Play app

    Search for Cisco Webex for Intune, click Approve and then click Sync.

    When the sync completes, the app is added to the App catalog.

  • Android Store App

    Enter the following information and then click Next:

    • NameCisco Webex for Intune

    • DescriptionCisco Webex for Intune

    • PublisherCisco

    • App store URLhttps://play.google.com/store/apps/details?id=com.cisco.wx2.android.msintune

    • Minimum operating systemAndroid 7.0 (Nougat)

1

Sign in to Microsoft Endpoint Manager Admin Center.

2

In the left pane, select Apps, and under Platform choose iOS/iPadOS.

3

Click Add application and choose iOS store App.

4

Search for Cisco Webex for Intune, enter the following information:

  • Name—Cisco Webex for Intune
  • Description—Cisco Webex for Intune
  • Publisher—Cisco
  • Minimum operating system—iOS 12.0

For iPadOS, select Minimum operating system as 13.1 and later

1

Sign in to Microsoft Endpoint Manager Admin Center.

2

In the left pane, select Devices and choose from Android or iOS.

3

Select the device that you have installed Webex on, click Managed App, and then search for Cisco Webex for Intune.

4

Check the installation status.

Application Protection Policies are rules that ensure an organization's data remains safe or contained in a managed app. A policy can be a rule that is enforced when the user attempts to access or move corporate data, or a set of actions that are prohibited or monitored when the user is in the app. App protection policies are available for MDM - managed Webex for Intune and wrapped applications (.IPA and .APK files).

If you have an existing application protection policy, you can use the same policy and assign it to the user. Or, you can use the following steps to create a new app protection policy.

1

Sign in to Microsoft Endpoint Manager Admin Center.

2

In the left pane, select Apps and click App protection Policies.

3

Select Create policy and choose Android or iOS.

4

Enter a name for the protection policy and click Next.

5

Select custom apps and enter the platform specific package ID:

  • Android—com.cisco.wx2.android.msintune

  • iOS—com.cisco.squared.Intune

6

Then, click Next.

7

For Data protection, choose the restrictions you want to apply and then click Next.

8

For Access requirements, configure a PIN and credential requirements.

9

For Conditional launch, click Next.

10

For Assignments, assign the policy to a Webex user group and then click Next.

11

Review the settings you have entered and then click Create.

1

Sign in to Microsoft Endpoint Manager Admin Center.

2

In the left pane, select Apps and click App Protection Policies.

3

select the App Protection Policy and verify the users are checked in and the policy is applied.

1

Users are prompted to request access when they sign in to Webex for the first time.

2

Administrators can grant permission for users to access the app from the Azure Enterprise App.

Microsoft Intune supports the following policies with Webex for Intune on managed devices:

  • Passcode/TouchID—Allow users to set up a Passcode or TouchID. The user is prompted to enter a passcode when they launch the Webex app from a mobile device.

  • Maximum PIN attempts—Define the maximum number of times a user can enter an incorrect PIN.

  • Managed Open-In/Document Sharing—Allow sharing of documents from Webex for Intune to other policy-managed apps.

  • Prevent App Backup—Prevent users from saving Webex data to Android back-up service or iCloud for iOS.

  • Disable Screen Capture—Block screen capture and Google assistant capabilities. For iOS devices, use the iOS restrictions option in Intune.

  • Remotely Wipe App—Allow administrators to remotely wipe Webex for Intune from a mobile device.

  • Disable Copy and Paste—Prevent users from using copy and paste between Webex for Intune and other apps. However, you can allow copy and paste with other corporate policy-managed applications.

  • Disable Save Copies of Org Data—Block users from saving Webex for Intune data on local devices. Administrators can select services, such as OneDrive or SharePoint, to store Webex for Intune data.

  • Unlocked devices—Restrict users from running Webex for Intune on devices which have been unlocked (Jailbroken or rooted), to gain administrative or root access controls.

  • Minimum App version—Define the minimum version required for Webex for Intune to run on mobile devices.