The following post was contributed by Nick Ciaravella. Nick is a software developer with experience in the Enterprise & Client Management sector. In his current role, he is contributing to the Consumerization of IT by developing management solutions for the iOS platform.
In this post we will show you how to create the necessary files to publish line of business (LOB) apps for iOS devices through Windows Intune. The distribution of iOS apps requires two files, an application archive (.ipa) and a manifest file (.plist).
Since we know that many companies have separate divisions for developers and IT administrators, we will show you how to create both files as a part of the app creation (through Xcode), and also how to create the manifest from only the app file.
In order to create an LOB app for iOS, you will first need to join the iOS Developer Enterprise Program. For more information about how to do this see Apple's website.
Next you will need to install the necessary provisioning profiles and developer certificates on your development computer. For more information about how to do this see Apple's App Distribution Guide.
Now you can proceed with building your app and distributing it through Windows Intune.
Make sure a registered development device is connected to your Mac and selected as the target. Then click Product -> Archive from the Menu bar in Xcode.
When the archiving process finishes, Xcode should automatically open up an Organizer window showing your newly created archive. If it doesn't, open the Organizer (Shift+Command+2 or Window->Organizer) and click the "Archives" tab. It should look like the following page. After selecting your archive, click on the "Distribute…" button.
Next, the wizard will ask you how you'd like to distribute the app. Choose "Save for Enterprise or Ad Hoc Deployment" and then click "Next".
Next you will have to fill in some information about your app and save the files locally. There are really only three values that we are interested in when uploading to Windows Intune:
· Application URL: This should be a URL to your .ipa file. Since Windows Intune will manage the .ipa file, this can be any value. Windows Intune will fill in the correct value after you upload the files from the administrator console.
· Title: The title of the app. This is displayed in an alert box when iOS asks the user for permission to install the app.
Small Image URL: A URL to an image that will be displayed when the app is installing. If you do not specify this, an Apple default will be shown.
Once saved, you'll notice that both the app archive and manifest files have been created. These can be uploaded to Windows Intune without any changes.
Opening up the manifest file generated by using the values in the previous screenshot, you'll see this an XML document. An official reference from Apple can be found here: http://help.apple.com/iosdeployment-apps/mac/1.1/#app43ad871e.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
If you take a look at the values, you can see that the values highlighted in green are actually your inputted values. Even more interesting, the two values highlighted in yellow are coming from the app's bundle, more specifically its Info.plist file.
If you cannot create the manifest file through Xcode, it can be created manually with a few simple steps. All you need to do is find out the bundle-identifier and bundle-version for your app, then fill in in the template below.
Unfortunately, the app's bundle-identifier and bundle-version will not be directly readable because an .ipa file is usually signed. However, the data you need is made available through Apple's iPhone Configuration Utility.
First, download and install the iPhone Configuration Utiltity (IPCU).
After opening IPCU, click the "Applications" library item, and drag your .ipa file into the list. You should see the following page. The "Identifier" and "Version" columns are the bundle-identifier and bundle-version values respectively.
Now you can create the manifest file. Just copy manifest file contents below and replace the three highlighted values in the metadata dictionary with your own.
1. Replace com.contoso.expense-reports with your bundle-identifier.
2. Replace 1.0 with your bundle-version.
3. Replace Expense Reports with your app’s name. This will be displayed to the user in an alert asking for permission to install the app.
Once you have the app and manifest files needed, you can upload them through the Windows Intune administrator console. A detailed post on this can be found here: http://blogs.technet.com/b/windowsintune/archive/2012/08/24/mobile-application-distribution-capabilities-in-windows-intune-june-2012-release.aspx.
J.C. Hornbeck | Solution Asset PM | Microsoft GBS Management and Security Division
Get the latest System Center news on Facebook and Twitter:
System Center All Up: http://blogs.technet.com/b/systemcenter/ System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/ System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/ System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/ System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/ System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm
Windows Intune: http://blogs.technet.com/b/windowsintune/ WSUS Support Team blog: http://blogs.technet.com/sus/ The AD RMS blog: http://blogs.technet.com/b/rmssupp/
The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/ The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/ The Forefront TMG blog: http://blogs.technet.com/b/isablog/ The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/