1. Slack Help Center
  2. Workspace administration
  3. Configure access & security
    4. Slack for Intune mobile device and mobile app management

Slack for Intune mobile device and mobile app management

Who can use this feature?
  • Org Owners
  • Available on the Enterprise Grid plan

This guide outlines the steps required to configure and deploy Intune for Slack mobile device management (MDM) or mobile app management without enrollment (MAM-WE).

How it works

  • Setup requires admin permissions in Intune, Azure Active Directory, and Slack.
  • Once the initial setup is complete, you can set app protection and app configuration policies.
  • All members will need a Microsoft Intune account with the right Microsoft Intune license assigned.
  • When using Slack for Intune, members will need to download the Slack for Intune app from their mobile app store or the Microsoft App Partner store.


Set up Slack for Intune

To get started, an Intune and Azure admin will need to configure all required settings. The steps below cover the minimum requirements to set up the Slack for Intune apps. If you need to set up app configuration or conditional access policies, you can do that later on.

Step 1: Add the Slack for Intune apps to your Microsoft Endpoint Manager

  1. From the Apps tab of the Microsoft Endpoint Manager, click Add and select the appropriate app type.
  2. Search for Slack for Intune, then select the app and assign it to people and groups.

For additional support with adding an app to your Microsoft Endpoint Manager, check out Microsoft’s Intune Quickstart Guide.


Step 2: Add an app protection policy

  1. From the Apps tab of the Microsoft Endpoint Manager, click App Protection Policies and create a new policy for the appropriate mobile platform. If you’re deploying Slack to both iOS and Android devices, you’ll need to create two separate policies.
  2. Add the Slack for Intune app to your policy.
  3. Configure the security settings.
  4. Assign the policy to people or groups and click Save.

Note: It can take some time for a new app protection policy to reach individual devices. To validate that your new policy is set up and working correctly, follow this guidance from Microsoft’s Intune documentation.


Step 3: Grant admin consent via the Azure AD admin center

  1. From the Azure AD admin center, open the Enterprise applications tab.
  2. Search for Slack for Intune.
  3. Click Permissions.
  4. Click Grant admin consent for Slack for Intune.

For additional support with application management settings, you can refer to the Microsoft documentation.


Configure app protection policies

To ensure your members can register their Slack for Intune app to authenticate and sign in to Slack, you’ll need to configure app protection policies on the Microsoft side.

App protection policy settings

These settings allow you to specify how members can interact with Slack on their mobile devices.

Policy Setting description
Restrict web content transfer with other apps

If this setting is configured for Microsoft Edge, members will be required to be signed in to Edge with their corporate Azure AD account for the content to transfer successfully.

Intune allows admins to specify an unmanaged browser to open links, and Slack supports Blackberry Access:

  • Unmanaged browser ID: access://open?url=http
  • Unmanaged browser name: Blackberry Access
Save copies of org data

Currently, we only support local storage and Photo Library for “Allow users to save copies to selected services.” When this setting is configured to Block:

  • Android
    The download button is hidden if all save locations are blocked. If any save locations are permitted, the download button will be visible to end users.
  • iOS
    Files can still be downloaded, but will be saved in an unreadable encrypted format so end users cannot view them.
Allow user to save copies to selected devices In order for the camera to take photos or video from within the Slack for Intune app, be sure to configure this setting to Local storage if the parent Save copies of org data setting is set to Block (Android only).
Select managed universal links We do not currently support redirects back to the Slack for Intune app for external links. Even if admins add URLs for the Slack for Intune app to the universal link list, the redirects will fail to open Slack for Intune.

Note: The Slack for Intune apps defer to the Intune-supported settings for app protection policies. To understand the expected behavior for your particular configuration, refer to Microsoft’s documentation for iOS or Android.


Set app configuration policies

Slack for Intune supports app configuration policies for both managed apps and managed devices. On Android, there are some distinctions when creating an app configuration policy, and the settings will differ slightly for managed apps and managed devices.

If you have an app configuration policy that applies to both platforms (Android and iOS) or both device types (managed and unmanaged), you can add all of these settings in the same policy. The different platforms will consume and execute the relevant keys.

Tip: You can safely ignore any additional keys that appear in the Microsoft Intune admin center when creating or editing an app configuration policy, as they will have no impact on Slack for Intune app functionality.


Supported keys

Key Description Example
allowed_intune_domain
  • Can be a list of domains that users should be able to access
  • Members will be fast-forwarded through the org URL page if only one domain is listed
  • Members will need to enter the org URL during sign-in if more than one domain is listed
  • Applies to unmanaged iOS or Android devices

allowed_intune_domain =
acme.enterprise (will fast-forward to acme.enterprise.slack.com)

allowed_intune_domain

acme.enterprise, acmecorp.enterprise (will not fast-forward)
WhitelistedDomains
  • Controls which domains users can access
  • Members will be fast-forwarded through the workspace URL page if only one domain is listed
  • Members will need to enter the workspace URL during sign-in if more than one domain is listed
  • Applies to managed Android devices

WhitelistedDomains=

acme.enterprise (will fast-forward to acme.enterprise.slack.com

WhitelistedDomains

acme.enterprise, acmecorp.enterprise (will not fast-forward)
IntuneMAMUPN (required for managed devices using an Intune MAM managed app)*
  • Enables specific data transfer settings in the app protection policy to function correctly on managed devices
  • Applies to managed iOS devices
  

*See the Microsoft instructions for details on which settings require this configuration.


Configure access control

In addition to the policies on the Microsoft side, you can configure Access Control in Slack. When enabled, members and guests will only be able to access your org from the Slack for Intune app. If you’d like to enable this setting, please reach out to our Support team.

Note: App-based Conditional Access via Azure AD and device-based Conditional Access policies are not currently supported.


Deploy the Slack for Intune apps to mobile devices

iOS devices only require the Slack for Intune app. If you’re deploying to Android devices, you’ll need to download the Company Portal app from the Play Store, as well as the Slack for Intune app.

Members who are using Slack on a personal device rather than a managed device can download Slack for Intune from the App Store or Play Store.


Troubleshoot device registration

Members registering their device for Slack for Intune may experience error messages, stuck loading pages, or app crashes. To address these issues, ask an Intune or Azure admin to confirm the following configurations on the Microsoft side:

If the device registration continues to fail, contact our Support team for additional help.

Was this article helpful?Yes, thanks!Not really