Add certificate per device with Android Management API - android-management-api

Is it possible to push certificates to a device, per device basis? I know you can set up certificates per policy, but I would need to set a different certificate per device (don't ask me why, the client wants it). If that is not possible is it possible to send any kind of data to a specific device?
P.S.
I have created my own EMM with android management API. I set up all the policies, added some commands that can be used per device, and I made a portal where the client can see all the devices. This is the only thing left I can't figure out if it's possible.

Unfortunately, it is not possible to have a different certificate per device with the same policy since the certificate is set up in the policy. Also it is not possible to send different data for each specific device using the same policy.

Related

Not able to download certificate using intune company portal

I have company provided Samsung S20. I have successfully installed Microsoft's Intune Company Portal App.
Then I was also able to register company portal. However after connecting to company portal, it suppose to download certificate from the company portal. But its not downloading any certificate or i dont see any notifications that it is downloaded.
Once i have the certificate, i will use it to connect to Access Point. But that's next step after i have the certificate.
1>What could be the potential issue for not downloading certificate?
2>Where and how can i view the logs?
3>In Company Portal App, Under settings i see Diagnostic Data-> Copy logs. Which says Copy logs to SD card. Where does it actually copies logs.
4>I am connecting from home. Is there any settings i need to do on router.
Note that, I also have company provided iPhone. and I was able to install and configure everything without any issue.
1>What could be the potential issue for not downloading certificate?
It depends on what you need the certificate for. How are you issuing the certificate to the device? via configuration policy?
2>Where and how can i view the logs?
Plug the device into a computer and allow USB to transfer data and files. Should be under Android\Com.microsoftintunecompanyportal\data
3>In Company Portal App, Under settings i see Diagnostic Data-> Copy logs. Which says Copy logs to SD card. Where does it actually copies logs.
refer to previous answer
4>I am connecting from home. Is there any settings i need to do on router.
Sounds like you're trying to get a trust certificate on the device but I would need to understand more about what you're trying to do. RIght now I'm working on a wifi profile for android devices and am using SCEP certificates to do that. But you're welcome to read this to try to gain a better understanding.
https://learn.microsoft.com/en-us/mem/intune/protect/certificates-configure

Slack app and local storage

We are planning a Slack app but we need local storage, we do not want to store any data of user/channel at our server, we want to save it permanently or temporary on local machine of user or in Slack server.
Is there anyway to do it?
Thanks
Here are my thoughts on the topic:
Local storage solution
You would need to implement a "local" helper-app that every user needs to install. Keep in mind that Slack works on many different platforms. So you would either need to limit your app to certain platforms (e.g browser only), or develop a "helper-app" for all platforms that Slack is currently supporting (e.g. Browser, Windows desktop, Apple desktop, iPhone, Android).
You would still need to host your Slack app on a server. Slack requires you to provide a fixed URL to connect to your Slack app, e.g. to invoke a slash command or after pressing a button. Your app would then need to manage the connection with the local helper-app to access the local data storage.
So, I guess it would be technically possible, but would require a lot of effort. And since you will need to host your app on a server anyways, it might be more feasible to also put your user data there.
Storing data on the Slack server
It is possible to store user data on the slack server through the user profile. There one can add custom key/value pairs through users.profile.get and users.profile.set
However, this will not work for slack team related data, like the individual Slack token that is received during the app installation process and needed by the Slack app to use those API methods. So your app needs to at least store the app token centrally together with the slack app itself.

What is the purpose of the different types of Parse keys?

There are different keys for iOS(Client Key), Android(Client Key) and Windows Phone(.NET Key).
What's the purpose?
From my understanding (which isn't infallible), these keys are used so Parse can know what type of platform is connecting to which application.
Different platforms have different communication protocols, so Parse needs to know how to appropriately communicate with you.
Additionally, you don't want anyone to connect to you app. The id ensures that you're connecting to the right app. The key guarantees that it's you, and identifies your platform.
Application ID : Used to uniquely identify your application
Client Key : Used for Android and iOS connections
Javascript Key : Used for JavaScript connection
.NET Key : Used for Windows apps connections
Rest API Key : Used for Rest API connections
Master Key : Used for Rest API connections
Note: The Master Key does not adhere to object-level permissions, while the other keys do.
I found most of this from navigating to my App's settings page and clicking on keys.
Application Id -This is the main identifier that uniquely specifies your application. This is paired with a key to provide your clients access to your application's data.
Client Key - This key should be used in consumer clients, like the iOS or Android SDK. It adheres to object level permissions.
JavaScript Key -This key should be used when making requests from JavaScript running on a user's machine. It adheres to object-level permissions.
.NET Key - This key should be used when making requests from a Windows application. It adheres to object-level permissions.
You can also check here.
Open your Parse account settings then open keys section and click question mark icon.

How to Deploy Apple Push Notification Certificate to Customer Site

Question: How can I securely include the SSL cert required for push notifications in the installer for my server product?
Background: Apple Push Notifications require a client SSL cert to be in place on the server that's making the calls to Apple.
My product has a traditional client/server architecture, i.e. a customer installs the server within their intranet and then obtains the iOS client from the App Store and connects the client to their instance of the server.
The point here is that the customer installs the server themselves, rather than a cloud architecture where I would manage the server myself.
My problem is that I don't know how to package the push notification certificate in the server installer in a secure way. I can't distribute the .p12 file without a password because that would expose my private key, and I can't use a password because the password would have to be included somewhere else in the installer which would defeat the purpose. Do I need to relay messages from all of my customers through a server that I manage, which has the SSL client cert? Do I need to install the SSL cert by hand into every one of my customers' sites?
Surely others must have run into this problem already? Or has everyone moved to the cloud?
Here is a major observation that happened to me over the weekend regarding Apple Push certificates. While there many references out there to setting up the Apple Push server side certificates, here is a MAJOR point I discovered that I cannot find referenced in any Apple documentation, or via google.
My situation: I have Push Certificates (sandbox) working great on Windows Server. Now it is time for production. Installation of production certs is successful like many times before. However, while the production push transmission completes error free, no pushes are generated to the device. Hmmm.
I just HAPPEN to notice that my Mac's time is roughly a minute off from the Windows Server (command-tabbing between MacOS and VM-Ware). Looking at Windows and Mac Settings, I see Windows internet time is set for "time.windows.com", and the mac for "time.apple.com". Just for kicks, I change the windows server time to "time.apple.com". Instantly, pushes are now being sent to the device. Nice. :-)
I dodged a major bullet here, this would have probably driven me insane trying to figure this one out. I do not claim to be an SSL cert guru... I (like most every one) just want to get this stuff to work because we have bigger fishes to fry.
I hope this is useful information.
I know only the solutions to install certificates for push notifications :
.p12, the password is in the code of the sending
.cer (.p12+private key) the password is requested at the importing of the certificate.
In the first case, you can deploy your solution, and download some code, for example xml with the password.

How would you configure a catch-all email system using Google Apps?

Using Google Apps for your Domain, is it possible to set up a catch-all address to act as a proxy for various other addresses on a hypothetical virtual mailbox system and, if so, how would you go about setting this up?
Set up Google Apps so that all mail delivered to a non existant address gets sent to a certain address, log into that mailbox via POP, download all mail addressed to x#your-service.com
You might try the free service described at http://groups.google.com/group/google-appengine/browse_thread/thread/7f48e15a7cedafa6 ; I believe the ability for app engine to directly receive email is on Google's roadmap, but I don't know when it's scheduled to appear, or whether it will be available for free, etc, etc.

Resources