EducationSoftwareStrategy.com
StrategyCommunity

Knowledge Base

Product

Community

Knowledge Base

TopicsBrowse ArticlesDeveloper Zone

Product

Download SoftwareProduct DocumentationSecurity Hub

Education

Tutorial VideosSolution GalleryEducation courses

Community

GuidelinesGrandmastersEvents
x_social-icon_white.svglinkedin_social-icon_white.svg
Strategy logoCommunity

© Strategy Inc. All Rights Reserved.

LegalTerms of UsePrivacy Policy
  1. Home
  3. Topics

Enterprise Mobility Management Resources

Benjamin Reyes

Vice President, Product Management • MicroStrategy

This document will examine the architecture, implementation, security, and management of the mobile solution.

When extending the Strategy experience to a mobile device, a few questions need to be considered beyond just how to distribute the mobile applications:

  • How are the mobile users going to authenticate the application?
    • Is Single Sign-On (SSO) desired? SSO enables users to sign into one corporate application and is automatically signed into all the corporate applications. Need help deciding if this SSO is right for you? See Single Sign-On to Applications in Azure Active Directory.
  • Is secure communication between the servers and the mobile application desired?
    • If yes, you need a VPN. 
  • Should all mobile traffic go through the corporate infrastructure or only the traffic to and from the corporate server?
    • If only the corporate traffic should go through corporate infrastructure, then a per-app VPN is needed.
  • Are mobile users bringing their own devices or are users provided with a company owned device?
  • What happens when the employee leaves the company or the mobile device is lost?
    • The application and the data associated with the application will need to be removed.

InTune for Device Management

InTune is Microsoft's tool to manage mobile devices and is deployed in the Azure Cloud. The Strategy Intelligence Server and the Strategy Mobile Server can be deployed in a private environment or a public cloud. One possible deployment architecture utilizing Intune and Azure AD may look like the following.

ka02R000000kdgaQAA_0EM2R000000gqux.jpeg

The Strategy server software can be deployed in a corporate data center or in a public cloud. The VPN server is used to ensure that communication between mobile clients, like Strategy Mobile and Strategy Library, is secured outside of the corporate network. 
Device management is handled by Microsoft Intune and can be used to configure, deploy, and manage the clients. The servers can be configured to use Azure Active Directory for authentication. With the Azure Active Directory, SSO and multi-factor authentication are available.

Configure a New Device with the InTune Management GUI

  • InTune Documentation
  • Authenticating with Azure Active Directory
  • Secure Communications
    • Per-App VPN (app tunneling): Used to send only the application traffic through the VPN tunnel and the rest of the device traffic around the VPN tunnel and directly to the WWW.  Currently Microsoft Intune supports Pulse Secure and Citrix VPN clients are supported on both iOS and Android for per-app VPN.
    • Whole Device VPN: Used to send all traffic from the device through the VPN tunnel, including non-related WWW traffic. Currently Microsoft Intune supports Cisco AnyConnect VPN for both iOS and Android for whole device VPN.  
  • Device Enrollment Options
  • Configure iOS devices and Publish application to the App Store
  • Configure Android devices and Publish application to the Google Play Store
  • Secure Information - App Restrictions
    • Available app restrictions from InTune
    • MicroStrategy tested app restrictions
  • Troubleshooting issues when deployed with appconfig


 
 
KB483177

Comment

0 comments

Details

Knowledge Article

Published:

April 15, 2019

Last Updated:

April 15, 2019