How to identify every iPhone which installed intune?

Question

How to identify every iPhone which installed intune?

Ayumi Fukumoto 0

Folks,

We have a plan to install Intune instead of MobileIron and all of our iPhone will register to Azure AD.

On the other hand, we have on-premise scheduler server.

Our on-premise scheduler server identify who access to this server using UUID via MobileIron.

But we will use Intune instead of MobileIron as MDM in this summer.

So we have to find the solution to realize same feature which means identify who access from iPhone, and which schedule page we have to show the user.

Azure AD App Proxy can use one of the solution to access on-premise server, but only App Proxy, we cannot identify who access to scheduler server from the iPhone.

Right now, we use userAgent of the MobileIron's HTTP request because its includes UUID.

Therefore we use $SERVER[HTTP_USER_AGENT] of the php to identify the user.

Our server has every users UUID, so after get the UUID, we search the user using UUID and we show the individual page.

[Question]

Under the Azure AD, App Proxy, and Intune, how to identify the access user from the iPhone?

We discussed with the System Integrator, but they cannot answer for this question.

Please let me know if you have any concerns or questions.

Cheers,

Ayumi

2 answers

Your answer

Answer 1

Crystal-MSFT 53,936 Microsoft External Staff

@73573294, Thanks for posting in Q&A.

Based as I know, Microsoft Intune is a cloud service which used to manage devices and apps.

https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune

I notice you want to identify who access the server. Based as I know, Intune didn't provide the feature to monitor this. The authentication and access are controlled by Azure AD. Based on my researching, Azure AD sign in log provides valuable insight into how your users access applications and services. Here is a link with more details:

https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins

You can see if the log can show what you want. Meanwhile, I have added the "Azure Active Directory" tag to help you get more help.

Thanks for your understanding.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Ayumi Fukumoto 0 Reputation points

2023-03-06T03:13:42.5633333+00:00
Hi,

Thank you for your comment.

I can understand that Intune cannot send the information which identify who's iPhone access to on-premise our schedule server via AAD App Proxy.

On the other hand, as you mentioned that AAD has the some information which unique.

<Our Topology>

Intune managed iPhone -> AAD App Proxy -> (unique id) -> on-premise schedule server

Access to on-premise schedule server via browser which is Safari or Edge by Intune managed iPhone

In this case, how to access the schedule site via AAD App Proxy?

Please let me know if you have any concerns or questions.

Thank you.
Ayumi Fukumoto 0 Reputation points

2023-03-08T02:39:01.21+00:00

Hi,

I found below docs, but I cannot understand how to use.

*Header-based single sign-on for on-premises apps with Azure AD App Proxy

https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-single-sign-on-with-headers

AAD folks,

Could you tell me how to use above SSO technology?

Thanks,
Ayumi Fukumoto 0 Reputation points

2023-03-08T02:42:25.4566667+00:00

Please ignore this comment. Sorry for your inconvenience.
Crystal-MSFT 53,936 Reputation points Microsoft External Staff

2023-03-08T06:23:20.0833333+00:00

@73573294 , Thanks for the reply. For this part, I am not familiar. As Azure AD support is not involved. I suggest open a new thread with tag "Azure Active Directory." to see if the related support can be found.
Ayumi Fukumoto 0 Reputation points

2023-03-08T13:17:05.9033333+00:00
Hi,

Thank you for your comment.

I can understand that Intune cannot send the information which identify who's iPhone access to on-premise our schedule server via AAD App Proxy.

On the other hand, as you mentioned that AAD has the some information which unique.

<Our Topology>

Intune managed iPhone -> AAD App Proxy -> (unique id) -> on-premise schedule server

Access to on-premise schedule server via browser which is Safari or Edge by Intune managed iPhone

In this case, how to access the schedule site via AAD App Proxy?

Please let me know if you have any concerns or questions.

Thank you.

Answer 2

@Ayumi Fukumoto

Since this is a deployment query, I would try my best to guide you through this.

Configure Azure Application proxy on the application sever (on-prem). Please do make sure all the Prerequisites are authentication must be set to Passthrough.
Add an on-premises app to Azure AD.
- Internal URL: Should be the FQDN of your server (This won't be accessible to your users).
- External URL The address for users to access the app from outside your network. If you don't want to use the default Application Proxy domain, read about custom domains in Azure AD Application Proxy.
Once above configuration is done the start with Publish the application with Application Proxy

Please do let me know if you have any queries on this.

Thanks,

Akshay Kaushik

Please "Accept the answer" (Yes/No), and share your feedback if the suggestion works as per your business need. This will help us and others in the community as well.

Ayumi Fukumoto 0 Reputation points

2023-04-10T04:57:50.3133333+00:00

Dear @Akshay Kaushik , Thank you for your answer. And sorry for my delayed response. I will try your proposal steps. Cheers, Ayumi Fukumoto

Share via

How to identify every iPhone which installed intune?

2 answers

Your answer