Install the Android Filter app on Shared Device Mode (SDM) devices using Intune

The Android Filter app provides real-time filtering that seamlessly integrates with Smoothwall Cloud Filter, ensuring your policies are consistently applied. 

This guide outlines the steps to install the Android Filter app on devices in Shared Device Mode.

Alternatively, see how to install the Android Filter app on single-user devices.

Before you begin

• Ensure you have managed Android devices.
• Your devices must meet the Android Filter app's minimum device requirements.
• You must have access to your organisation’s Microsoft Entra account at a minimum as an Application Developer.

Step 1: Create an enrolment policy

1. Sign in to the Microsoft Intune Admin Center.
2. Go to Devices > Android > Device onboarding > Enrolment.
3. Select Corporate-owned dedicated devices.
4. Select Create policy to create a profile with the Token type set to Corporate-owned dedicated device with Microsoft Entra shared mode.

(Optional) Step 2: Create Groups

You can use any Intune Groups for app configuration and deployment. Dynamic Groups automatically add devices to the Group upon enrolment, removing the need to add devices manually.

Add Dynamic Groups, with the Property set to the name of the enrolment policy created in Step 1.

Step 3: Set the device mode

1. Go to Devices > Android devices > Configuration.
2. Select Create to create a new profile.
   1. For Platform, select Android Enterprise.
   2. For Profile type, select Templates > Device restrictions.
3. In Configuration settings > Device experience:
   1. For Device experience type, select Kiosk mode (dedicated and fully managed).
   2. For Kiosk mode, select Multi-app.
   3. (optional) To add the Android Filter app to the device’s home screen:
      1. Select Add.
      2. Search for and select Qoria Filter.
      3. Select to add the app to the home screen.
4. In the Dedicated devices section, change the MHS sign-in screen toggle from Not configured to Enabled.
5. In the Assignments step, select Add groups and select the Group set up in Step 2.
6. Review the settings before selecting Create.

Step 4: Deploy the Android Filter app deployment rules

1. Go to Devices > Android Apps.
2. Assign these apps to the Group you set up in Step 2:
   • Managed Home Screen: Allows the Android Filter app to run.
   • Microsoft Authenticator: Enables the Android Filter app to query the Entra user and retrieve credentials for authentication.
   • Qoria Filter: Filters the traffic from the installed browser.
   • Any browser that will be used.

Step 5: Create the application registration

1. Sign in to the Microsoft Entra Admin Center.
2. Create an application registration with Qoria Filter as the Name.
3. Copy the Application (client) ID from the Overview page.
4. Add a redirect URI:
   1. For Configure platforms, select Android.
   2. For Package name, enter com.qoria.uc.android.edu
   3. For Signature hash, enter DerKHNf9otWK42NDRZp3lshQ5sQ=

Step 6: Create the App Configuration Policy

1. Sign in to the Microsoft Intune Admin Center.
2. Go to Apps > App configuration policies.
3. Select Add > Managed Devices.
4. In the Basics step:
   1. Add a name, such as Filter Configuration Profile.
   2. For Platform, select Android Enterprise.
   3. For Profile Type, select Fully Managed, Dedicated and Corporate-Owned Work Profile Only.
   4. For Targeted app, select the Qoria Filter app.
5. In the Settings step:
   1. For Configuration settings format, select Use configuration designer.
   2. For Tenant ID:
      1. If you have a multi-tenant setup and don’t want to use the Default Tenant, select the checkbox. Select string and enter the Tenant ID.
      2. If you don’t have a multi-tenant setup, or you want to use the Default Tenant, don’t select the checkbox.
   3. Select the checkbox for Hardware Id. Select your identifier from one of two types:
      1. Select string as the value type. Enter an identifier to be used in reporting, such as your device’s serial number.
      2. Choose variable as the value type and select ‘Intune Device ID’ from the dropdown menu.
   4. Select the checkbox for Serial Id, select string and add the serial number.
   5. Select the checkbox for Microsoft Entra Application (client) Id, and enter the Application (client) ID from Step 5.
6. In the Assignments step, select Add groups and select the Group set up in Step 2.
7. Review the settings before selecting Create.

Step 7: Add the Android Filter app

1. Go to Apps > Android.
2. Select Add.
3. Under App Type, select Managed Google Play App from the dropdown.

4. Search for and select Qoria Filter.

     Tip

   If you can’t see the app, search for com.qoria.uc.android.edu instead.

5. Select Sync in the App pane to sync with the Managed Google Play service.
6. Go to Apps > Android, select the Qoria Android Filter app from the list.
7. Go to Properties > Edit.
8. Select Add groups and select the Group set up in Step 2.
9. Review the settings before selecting Create.

Step 8: Create the Device Configuration Policies

Create an Always-on VPN Policy 

1. Go to Devices > Android devices > Configuration.
2. Select Create > New Policy.
3. For Platform, select Android Enterprise.
4. For Profile type, select Device Restrictions.
5. In the Basics step, add a name, such as Android Always On VPN Filter.
6. In the Configuration settings step, select the Connectivity dropdown.
   1. For Always-on VPN (work profile-level), select Enable.
   2. For VPN Client, select Custom.
   3. For Package ID, enter com.qoria.uc.android.edu
7. In the Assignments step, select Add groups and select the Group set up in Step 2.
8. Review the settings before selecting Create.

Upload the Trusted Certificate 

1. Go to Devices > Android devices > Configuration.
2. Select Create > New Policy.
3. For Platform, select Android Enterprise.
4. For Profile type, select Trusted certificate.
5. In the Basics step, add a name, such as Android Filter Certificate.
6. In the Configuration settings step:
   1. Download the qoria_pub_cert.cer file.
   2. Return to your Microsoft Intune Admin Center.
   3. For Certificate file, select the qoria_pub_cert.cer file.
7. In the Assignments step, select Add groups and select the Group set up in Step 2.
8. Review the settings before selecting Create.

Next steps

Check the installation is working as expected:

1. Check that your Web Filter policies apply correctly.
2. Open the app and confirm it says ‘This device is being protected’.
3. Check the last Secret Knock and the Directory Groups or Group Mappings to which the user belongs using the Diagnostics page.