In this document you can find general information about configuration of EMM with Box for available providers.

Read first

To understand the concepts in the configuration guides, start with reading the following documents:

Prerequisites

Before configuring Box for EMM for a specific provide, make sure that:

you have a role of Enterprise Admin to set up EMM with Box
you are an Admin in the provider’s console. You can find more information in provider’s documentation:
all users in EMM-enabled enterprises are managed Box users
all users have their devices enrolled in the selected vendor’s admin console
Box for EMM and/or Box for Mobile is added to the selected vendor’s admin console
the correct app policy is added

Important: The Box for EMM solution does not support an enterprise deployment where users are both managed and unmanaged.
Box for EMM for iOS allows users to have Box for EMM alongside a second instance of Box for iPhone/iPad, but it is not recommended. The credentials for each remain separate.

Process flow

Create a support ticket requesting the public ID to register for Box for EMM.
Box Product Support provides you with a Public ID to connect with your selected vendor (provider).
Upload the Box for EMM app into the admin console of your vendor.
Create a managed app config that includes the Public ID provided by Box.
Specify the variables that generate the values pushed to the app.
Distribute the application to users with your vendor’s enterprise app store. The one-time token is used to validate that the Box for EMM app is provisioned by the vendor.
When a user requests to log in to Box for EMM, the app sends, among others, the user’s login credentials and Public ID to the Box server. See the table below for more information.
The Box server checks the above information to match a user to a vendor’s server.
The Box server calls the vendor’s server to validate the security or status of the device, using the Management ID.
If the Box and vendor’s servers validated the user’s credentials, Public ID, and Management ID, the user can log in.

Note:
Process flow details might slightly differ depending on the vendor of your choice. Go to a specific vendor’s configuration to learn more.

Configuration keys and values

Required

Below table lists all configuration keys that are required for the Box for EMM application to run successfully.

Configuration key	Description	Required for	Configuration value
Public ID	A shared secret provided by Box to MDM admin. Identifies the enterprise managing the device and settings to apply.	Microsoft Intune	the public ID provided by Box
		Workspace ONE	the public ID provided by Box
		MaaS360	the public ID provided by Box
		Ivanti	the public ID provided by Box
Management ID - MSC only	Identifies the device during the management status check.	Microsoft Intune	AnyString
		Workspace ONE	{ManagementID}
		MaaS360	%CSN%
		Ivanti	${deviceUDID}
com.box.mdm.oneTimeToken (iOS Only)	Precaution against tampering with the deploy after Box login.	Microsoft Intune and others	AnyString
		Workspace ONE	{DeviceUid}
		MaaS360	%CSN%
		Ivanti	${deviceUDID}
User Email Address	Box account to pre-fill and allow during login.	Microsoft Intune	{{userprincipalname}}
		Workspace ONE	{EmailAddress}
		MaaS360	%email%
		Ivanti	${userEmailAddress}
Allow Microphone (iOS Only)	Disable all features which ask for microphone access.	Microsoft Intune	false
		Workspace ONE	false
		MaaS360	false
		Ivanti	false

Note: Key-value pairs may differ depending on your provider. There can be additional key-value pairs needed for a vendor.

Microsoft Intune

The following key-value pairs are specific for Intune.

Configuration key	Configuration value	Comments
Intune Enterprise	1	required for MAM
userprincipalname	{{userprincipalname}}	required for MAM
IntuneMAMUPN	{{userprincipalname}}	required for MAM available to iOS devices only
IntuneMAMOID	{{userid}}	optional for MAM enables iOS users to open Box items in other apps.

MaaS360

The following key-value pair is specific for MaaS360.


Configuration key	Configuration value
Billing ID	the customer billing ID (MSC only)

Optional


Configuration key	Optional for	Configuration value
User Email Address	Microsoft Intune

Box admin console configuration

Open the Box admin portal.
Go to Apps and disable the following options.

Box for EMM:

iOS:
1. Box for iPhone,
2. Box for iPad,
3. Capture for iOS.
Android:
1. Box for Android phones,
2. Box for Android Tablets,
3. Box for Android MDMs.
Enable or keep enabled the Box for MobileIron and Box for Good Technology if they’re also deployed.

Depending on other Box apps you deployed you may need to disable additional apps. Note: Performing these steps prevents users belonging to the enterprise’s deployments of Box and vendors from logging into the regular (unmanaged) Box app and mobile site. Make sure to notify your Box users before taking this step. Specific configuration for each type of deployment:

How-To Guides for Mobile

Box for Android

Box for iOS

Enterprise Mobility Management (EMM) with Box

Configuration Guides - General Information

Read first

Prerequisites

Process flow

Configuration keys and values

Required

Microsoft Intune

MaaS360

Optional

Box admin console configuration

Microsoft Intune

Workspace ONE (AirWatch):

MaaS360:

Ivanti (MobileIron):

Citrix XenMobile:

How-To Guides for Mobile

Box for Android

Box for iOS

Enterprise Mobility Management (EMM) with Box

​Read first

​Prerequisites

​Process flow

​Configuration keys and values

​Required

​

​Microsoft Intune

​MaaS360

​Optional

​Box admin console configuration

​Related Box reference

​Related provider’s reference

​Microsoft Intune

​Workspace ONE (AirWatch):

​MaaS360:

​Ivanti (MobileIron):

​Citrix XenMobile:

Read first

Prerequisites

Process flow

Configuration keys and values

Required

Microsoft Intune

MaaS360

Optional

Box admin console configuration

Related Box reference

Related provider’s reference

Microsoft Intune

Workspace ONE (AirWatch):

MaaS360:

Ivanti (MobileIron):

Citrix XenMobile: