How to Wrap an Android LOB application using MS AWT and deploy on MS Intune as Managed Application.

 

Before wrapping, an application should fulfill the below mentioned criteria:

1.  The application should be a valid Android application package with .apk extension.

2. Must not be already wrapped by any wrapping tool.

3. Should be written for Android 4.0 or above.

4.Generic applications downloaded from Google Play Store by Microsoft, Google and other vendors cannot be wrapped e.g. Cortana, YouTube etc.

 

Pre-requisites:

1. Java Development Kit (1.7,1.8 ) by Oracle. you can download the JDK from this link.

http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html

2. Application Wrapping Tool for Android by Microsoft. Download the latest App Wrapping Tool from Microsoft. Right now the latest version is:

https://www.microsoft.com/en-us/download/details.aspx?id=47267.

3. Before uploading the application to Intune, it should be signed. For signing, Java Keytool can be used. A keystore should be created for this first.

 

Procedure to be followed:

1. Install the JDK environment.

2. Create a keystore.

3. Install the App Wrapping Tool.

4. Wrap the application.

5. Sign the wrapped application.

6. Upload the signed apk.

7. Create a Mobile Management Policy in MS Intune portal.

8. Deploy the application.

 

How to Create a Keystore:

1. Open the elevated PowerShell prompt.

2. To create the keystore, navigate to “C:Program FilesJavajdk1.7.0_79bin” (Default location of Jdk installation for x64).

3. Run the following command:

.Keytool.exe –genkey –v –keystore MSAWT.keystore –alias MSAWT –validity 10000

Provide the details like Org, country etc. and press enter. Provide the passwords for keystore when prompted.

Now the keystore is ready and can be used to sign the applications.

 

How to Install the Application Wrapping Tool.

Application Wrapping Tool is a command line tool. Install the tool by double-clicking the file.

clip_image002

clip_image004

clip_image006

 

How to Wrap the Application:

1. Run the following command in elevated PowerShell module to import AWT module:

“PS> Import-Module “C:Program Files (x86)Microsoft Intune Mobile Application ManagementAndroidApp Wrapping ToolIntuneAppWrappingTool.psm1”

(“C:Program Files (x86)Microsoft Intune Mobile Application ManagementAndroidApp Wrapping Tool” is the Default location of AWT installation on x64 machine)

2.  Next run the following command to wrap the app:

Invoke-AppWrappingTool  -InputPath “Path to your application.apk” –OutputPath “Path to your output wrapped application.apk”

3.  It will take a minute or two and will wrap the application, if all the criteria for the apk as mentioned above is met.

(For reference: https://technet.microsoft.com/en-in/library/mt147413.aspx)

 

How to Sign the wrapped application:

You can sign the application while wrapping the application by modifying the command, or it can be signed later.

To sign the application at the time of wrapping, modify the command in elevated PowerShell module as below:

Invoke-AppWrappingTool  -InputPath “Path to your application.apk” –OutputPath “Path to your output wrapped application.apk”  -KeyStorePath “C:Program FilesJavajdk1.7.0_79binMSAWT.keystore” –KeyAlias MSAWT –verbose

Provide the keystore password when prompted.

Or

To sign the application separately, run the following commands:

1. Navigate to “C:Program FilesJavajdk1.7.0_79bin” in elevated PowerShell module:

2. PS C:Program FilesJavajdk1.7.0_79bin> .jarsigner.exe -verbose -keystore .MSAWT.keystore “Path of your wrapped application.apk” –keyalias MSAWT

Provide the keystore password when prompted.

3. To check if the file is signed, run

PS C:Program FilesJavajdk1.7.0_79bin> .jarsigner.exe –verify “Path of your wrapped&signed application.apk”

The application package app.apk is now wrapped and signed. It can be uploaded to MS Intune portal and can be deployed as managed application.

 

How to create a mobile management policy:

To create a mobile management policy, please refer to the link:

https://technet.microsoft.com/en-us/library/dn878026.aspx

How to Deploy the application:

To deploy a managed application, please refer to the link below:

https://technet.microsoft.com/en-us/library/dn646972.aspx