Guide

Distribute the mobile client with Microsoft Intune

Make sure that your organization has an Intune management account with administrator privileges. An administrator needs the Intune management role.

Complete these steps to distribute the mobile client to iOS and Android devices with Microsoft Intune.

Set up and distribute SIA Proxy MITM certificate

If you want to use Threat Protection with SIA Proxy, distribute the SIA Proxy MITM certificate.

  1. See Create a SIA Proxy MITM Certificate to learn how to create a certificate.
  2. Download your binary (.der) certificate and change the file extension from .der to .cer.
  3. See Microsoft Intune documentation to learn how to create a trusted certificate profile and assign it to your devices.

Distribute ​Zero Trust Client​ with Microsoft Intune

To distribute the mobile client with Microsoft Intune, refer to Intune documentation. Note that users need to allow the VPN profile installation manually. To deploy the VPN profile automatically, see Create a VPN configuration profile for iOS and iPadOS:

  1. Add the mobile client for Android devices to Microsoft Intune or Add the mobile client for iOS and iPadOS devices to Microsoft Intune.

    1. To configure ​Zero Trust Client​ in Intune, you may use the following app store links: Google Play Store or Apple App Store.

  2. Configure custom app configuration values for Android or Configure custom app configuration values for iOS/iPadOS.

    1. Use the configuration designer to add this custom app configuration for ​Zero Trust Client​. Enter your organization’s IDP URL or SIA entitlement code as the configuration value.

    Configuration keyValue typeConfiguration value
    idp-urlStringyour_IDP_URL
    entitlementCodeStringyour_SIA_entitlement_code

  3. Enroll Android devices or Enroll iOS and iPadOS devices in Microsoft Intune.

Create a VPN configuration profile for iOS and iPadOS

To automatically deploy and allow the VPN profile on user devices, refer to Microsoft Intune documentation for adding VPN settings.

Use the following settings to create a VPN profile for ​Zero Trust Client​ in Intune:

  1. In Profile type, select Templates and VPN.
  2. In Profile name, enter Zero Trust Client VPN Profile.
  3. In Connection type, select Custom VPN.
  4. Under Base VPN, enter the following information:
    1. In Connection Name, enter ZERO TRUST VPN.
    2. In VPN server address, enter akamai.com.
    3. In VPN Identifier, enter com.akamai.ios.ztclient.
    4. In Authentication method, select Username and password.

Enter the below key and value pair. Select string as the value type.

Configuration keyValue typeConfiguration value
entitlementCodeString<enter your SIA entitlement code here>

  1. In Automatic VPN:
    1. Select On-demand VPN as the type of automatic VPN.
  2. In On-demand rules click Add.
    1. In I want to do the following, select Connect VPN.
    2. In I want to restrict to, select All domains.
    3. Click Save.
  3. In Block user from disabling automatic VPN, select Yes.
  4. Assign users and devices to the policy.
  5. Click Create to save your policy.

Updated 14 days ago