Documentation Home

MovoSuite for Microsoft Intune delivers a simple, powerful self-service experience for deploying apps to classroom iPads.

Table of Contents

Install and Configuration Checklist

The following is a high-level implementation checklist for MovoSuite, with links to detailed steps for each item on the list.

To configure MovoSuite, 1) click the task’s link, 2) complete the steps, then 3) click the “return to checklist” link to return to this checklist.

back to ToC

Prerequisites

Before configuring MovoSuite, you should have the following items in place.

back to ToC | back to checklist

Home Screen

001

FIGURE 1. MovoSuite Home

back to ToC | back to checklist

Request Deployment

To request deployment of one more apps to one more devices, perform the following steps:

  1. Navigate to Request Deployment. 002

FIGURE 2. Deployment Request UI

  1. Click the Choose Apps button.
  2. In the modal dialog that pops up, under Available Apps click the + button next to the app(s) that you wish to deploy. This moves them across to the Selected Apps field. Note the indicators for whether an app requires deployment approval or billing code. 003

FIGURE 3. Choose Apps Modal

  1. Click Save to save your selection and go back to the main form.
  2. Click the Choose Devices button.
  3. In the modal dialog that pops up, under Available Devices click the + button next to the device(s) to which you wish to deploy your apps. This moves them across to the Selected Devices field. 004

FIGURE 4. Choose Devices Modal

  1. Click Save to save your selection and go back to the main form.
  2. Modify your Deployment Action from the default Install if you wish to uninstall apps from the selected devices.
  3. Modify your Deployment Notifications from the default if you don’t wish to receive all email notifications related to this request.

  4. Enter information in the Reason for Request field if it is required.
  5. Enter information in the Billing Code field if it is visible and required (this field can be hidden by the administrator). 005

FIGURE 5. Completed Deployment Form

  1. Click Submit to submit the form and be redirected to the home page. The request list will be updated to add your latest request.
  2. At this point you will receive an acknowledgement email that your request has been received and is being processed. As the request is processed, if your administrator has enabled the Actionable email functionality, and you are using a current version of Outlook (desktop or mobile), the email will automatically update with the latest status every time you view it.
  3. Once the request is fully processed (all apps have been approved / declined if any required approval), you will receive an email notification that the request is completed. Your apps should show up within about 20 minutes of the final notification, if not earlier.

back to ToC | back to checklist

Request App

To request your administrator procure an application license from Apple for deployment to devices, perform the following steps:

  1. Navigate to Request App. 006

FIGURE 6. New App Request Form

  1. Using the search engine of your choice, find the Apple App Store URL for the iOS app you wish to deploy. Paste the URL into the URL field of the form. 007

FIGURE 7. Apple App Store URL via search link

  1. Choose the number of licenses you want your administrator to procure.
  2. Enter information in the Billing Code field if it is visible and required (this field can be hidden by the administrator).
  3. Enter any additional comments in the Comments field as to why you want to purchase these apps. 008

FIGURE 8. Completed Request App form

  1. Click Submit to submit your request.
  2. At this point you will receive an acknowledgement email that your request has been received.

back to ToC | back to checklist

Configuration

The Configuration tab includes the settings that will be visible only to MovoSuite administrators, generally the same person responsible for Intune configuration in your environment.

back to ToC | back to checklist

Onboarding

To complete the MovoSuite onboarding process, perform the following steps:

  1. Navigate to Configuration, and select the Onboarding tab.
  2. First, click the Authorize for Users button, and when prompted, click Accept. This authorizes MovoSuite to query Intune apps and devices on behalf of your users.
  3. Next, click the Authorize Automation button, and when prompted, click Accept. This authorizes MovoSuite to work with Intune and Azure AD in the background.

009

FIGURE 9. Onboarding Wizard

back to ToC | back to checklist

General

010

FIGURE 10. Configuration - General

Self Service

Enable App Catalog Procurement Form

This option is enabled by default, but can be turned off. It shows or hides the Request App navigation entry.

Require Exact Match for Device Lookup

This option is deprecated, and will be removed in the future as it has been replaced by native support for Intune Role Based Access Control (RBAC).

Enable RBAC

When you check the Enable RBAC box under Configuration > General, MovoSuite filters the apps and devices shown to users in the self-service areas based on their permissions in Intune. You should enable Self-Service Tags and Groups if enabling this option, so that MovoSuite can create Scope Tags for each location, and groups for granting assignment.

Enable Self-Service Tags and Groups

If enabled, MovoSuite will provision an Intune role named MovoSuite - Self Service and associated self-service groups and assignments for each MovoSuite location. The permissions granted in this role are as follows:

Enable Field Tech Tags and Groups

If enabled, MovoSuite will provision an Intune role named MovoSuite - Field Tech and associated field tech groups and assignments for each MovoSuite location. The permissions granted in this role are as follows:

Use Two Stage Approval

If enabled, MovoSuite will send a second email to the global email address registered for deployment or purchase requests if a delegated approver (e.g. school principal) has approved the request.

Hide Billing Code

If enabled, MovoSuite will not show the billing code field in forms.

Billing Code Placeholder

Change the placeholder text for billing code fields to guide your users.

Timezone

Configure the site-wide timezone. This is used when rendering times in emails, request history, and event logs.

Other

Admin Group

There are two approaches to managing administrator access in MovoSuite:

The preferred way to manage administrator access in MovoSuite is via Azure AD role assignment. MovoSuite roles in Azure AD are:

To add user or group to MovoSuite roles in Azure Active Directory:

011

FIGURE 11. Adding Users or Groups to MovoSuite RBAC Roles

If not using MovoSuite Azure AD roles, you can choose to use Administrator Group assignment. Create a group for your MovoSuite administrators, and then select the group from the dropdown under Admin Group.

Apple App Store Country Code

The App Store country code selection is used to specify the locale for fetching app metadata. It defaults to CA (Canada).

Group Name Prefixes

back to ToC | back to checklist

Notifications

To configure notifications, perform the following steps:

  1. Configure Sender Email Address
  2. Configure Approval Recipient Email addresses
  3. Configure Office 365 Provider ID
  4. Optional: Configure Webhook Notifications For Microsoft Teams

Notifications Sender Email

Configure the Sender Email address field with the email address of a User Mailbox or Shared Mailbox existing in Exchange Online. Office 365 Group Mailboxes cannot be used for the sender address.

012

FIGURE 12. Sender Email Address

Notifications Recipient Emails

There are three email addresses for backend administrative items. You may use an email-enabled group address for any of these notifications, shown in the figure below.

013

FIGURE 13. E-mail Notification and Message Format

Webhook Notifications

You can configure notification of approval requests (deployment or purchase) to Microsoft Teams via webhook. These notifications are actionable, which means you can approve or decline the approval request right within your Teams channel!

To configure actionable webhook notifications:

  1. Open Microsoft Teams and select the team you would like to receive notifications.
  2. Click the ellipsis (…) next to the team name and select Manage team.
  3. Select the Apps tab.
  4. If you do not see webhooks in the list, click the More apps button.
  5. In the search box , type ‘webhook’. From the search results, select ‘Incoming Webhook’ and click the Add to a team button.
  6. On the ‘Setup an incoming Webhook…’, click the Setup a connector button.
  7. On the Incoming Webhook screen, click Create. Then, copy the URL, as shown in the figure below.

014

FIGURE 14. Webhook URL in Teams

  1. To complete the configuration, go back to the Configuration > Email tab of MovoSuite.
  2. Paste the URL from step 7 into one or both fields provided in the ‘Webhook Notifications’ area.
  3. Click the Save button at the bottom of the screen to save your changes.

015

FIGURE 15. Webhook Notifications configuration

back to ToC

E-mail Templates

Configuring your email templates is a simple 2-step process:

STEP 1: Select the Action: Select the action for which you wish to configure the e-mail template, shown in Figure X and described in the list below.

016

FIGURE 16. Email Template task selection

STEP 2: Customize the Template: The default template for that function you chose will be presented right below the list, as shown in Figure X, Customize the template customize using free text and variables shown at the bottom of the template. Supported variables are:

Variable Description
%appName Display name of the app referenced in the request.
%requestId The ID number of the request
%requestStatus Status the request (e.g. In progress, Complete, Failed)

IMPORTANT: Click Save to save your changes to the template you are working with BEFORE choosing another!

017

FIGURE 17. Email Template configuration area

back to ToC | back to checklist

Note: MovoSuite sends a command for each device after approval and initial batch of non-approved apps, rather than waiting for the devices to report back before sending the email. The message is sent only after the last app in the list has been provided.

Generate the Office 365 Provider ID

While still in the Email configuration area, we will generate the Office 365 Provider (Originator) ID. This establishes a trust foundation for Outlook to fetch the latest information for the email from MovoSuite for notifications related to app approval and app procurement workflows.

  1. You will click the Create Provider ID button. This will take you to the Actionable Email Developer Dashboard where you can generate this ID. You will need the three items listed under the textbox in Figure 17.

    018

    Figure 18. The Office 365 Provider ID

  2. You will now provide answers to the following items:

    2.1. New Provider:

    • Friendly Name: MovoSuite
    • Sender email address: the sender email address from Actionable Emails section (unchangeable)
    • Provider URL: target URL from Actionable Emails section

    2.2. Scope of submission: Organization

    2.3. Additional Information:

    • Other email addresses: Email addresses of others who should be notified about MovoSuite license renewal.
    • Comments: “Email notifications from MovoSuite for Intune”
  3. At the bottom of the form, check the box labeled “I accept the terms and conditions…” and then click Save.
  4. Once you have generated the ID, an email notification will be sent to the Exchange administrators of your organizations to approve. If you are a Global Administrator or Exchange Administrator, you can approve the pending ID from the admin view of the Actionable Email Developer Dashboard here.
  5. Save the Provider ID (originator) from the Actionable Email Developer Dashboard into MovoSuite, and save the change.

back to ToC | back to checklist

Integration (bulk admin)

The Integration Settings area of the MovoSuite interface includes:

019

FIGURE 19. Asset Integration and Data Ingestion

back to ToC | back to checklist

Locations

Locations in MovoSuite underpin much of the automation, supporting device naming and role based access. Specifically, creating a location services to:

Additionally, a delegated approver for deployment and purchasing can be defined per location. This enables approval requests to be routed to someone like a principal at a school for first pass, and then routed to the MovoSuite globally defined approvers. You can also select a VPP token for a specific location. Selecting a VPP token for a specific location will add the Intune Scope Tag to the token, allowing members of the location’s self service user group to view the apps on that token.

020

FIGURE 20. Location Details list

back to ToC | back to checklist

Apps

The Apps area in MovoSuite configuration allows you to view details for specific applications, and configure whether an app requires a billing code to be deployed, requires admin approval for deployment, or is hidden from the self-service form. Additionally, MovoSuite also surfaces details on how many licenses are available, as well as the app Bundle ID, useful for configuring Home Screen / folder layout configuration profiles in Intune.

MovoSuite also fetches the latest app artwork URLs and descriptions from Apple, ensuring MovoSuite catalog details remain up to date with Apple’s App Store.

Clicking the Expand button on an app in the Apps list will show the install and remove groups that MovoSuite has provisioned. MovoSuite automatically provisions a pair of Install and Remove groups (defaults to Z-AG-VPPTOKEN-iOS-INSTALL/REMOVE-APP NAME), and assigns the appropriate Intune app intent to the groups. During self-service deployment processing, MovoSuite adds or removes devices from the appropriate app group.

021

FIGURE 21. App List

back to ToC | back to checklist

Devices

The Devices area in MovoSuite configuration shows you the devices recorded in MovoSuite, and allows you to (re)assign a device to a location. Assigning a device to a location will update the name of the device on the next rename cycle if applicable.

Clicking the Expand button on a device in the Devices list will show you additional details for the device, including the Intune and Azure AD object IDs. You can also add / modify asset tag and management notes.

To export the Devices list to Excel, click Export above the scroll bar on the right.

022

FIGURE 22. Device List

back to ToC | back to checklist

Requests

The Requests area in MovoSuite configuration allows you to view submitted requests and their details, as well as initiate reprocessing of a request in the event one appears stalled. To view details, click the info button on a request. To reprocess the request, click the circular arrow on the request.

023

FIGURE 23. Deployment Request List

back to ToC | back to checklist

Experimental

The Experimental area in MovoSuite configuration allows you to enable features that are in preview for customers. These features generally are still undergoing testing and validation with customers, so enable at your own risk.

024

FIGURE 24. Experimental Features Page

back to ToC | back to checklist

FAQ

What if I don’t configure RBAC? Your teachers can view all apps and all devices.