Installing the Mobile Endpoint Agent for Android via Microsoft Intune

Microsoft Intune is a cloud-based endpoint management solution that helps you manage user access to organizational resources and streamlines app and device management across multiple device types, including mobile devices, desktop computers, and virtual endpoints. This guide provides step-by-step instructions for installing the Cisco ThousandEyes Mobile Endpoint Agent on Android devices using Microsoft Intune. Deploying the agent with Intune allows administrators to efficiently manage and monitor mobile endpoints, helping to maintain optimal network performance and enhance user experience.

This document includes instructions for both Fully Managed, Corporate-Owned devices and Personally Owned Devices using Work Profile (BYOD) configurations.

  • For best results, follow the configuration order described in this document: first, create the configuration policy, and then deploy the application. This sequence ensures that all required configurations are in place before the application is delivered to mobile devices, helping prevent deployment issues and supporting a smooth installation and registration process.

  • In environments where devices use a personally owned work profile (BYOD), administrators have less control compared to fully managed, corporate-owned devices. For example, certain permissions—such as location access—cannot be automatically granted on BYOD devices. In these cases, users must manually approve location permissions.

  • You can’t install raw APK files directly on Android Enterprise enrolled devices—including work profile, fully managed, COPE, or dedicated devices. Apps must be deployed through Managed Google Play.

Prerequisites

Before installation, ensure you have the following:

  • Access to the ThousandEyes platform

  • Access to the Microsoft Intune

  • Microsoft Intune tenant connected and integrated with your managed Google Play account

  • Devices enrolled and managed in Microsoft Intune

  • Android Devices running version 11 or higher

Getting Started

The installation process is divided into the following three sections:

  • Adding the Application to Intune

  • Creating Configuration Policy for the Application

  • Deploying the Application to Mobile Devices

The following sections provide detailed instructions related to the topics mentioned above.

Adding the Application to Intune

Before you assign the ThousandEyes Mobile Endpoint Agent app to devices or user groups, add the app to Microsoft Intune:

  1. From the Intune dashboard, go to the Apps section. In the Overview pane, select Android as the platform.

  1. In the Android apps section, select Create. In the Select app type menu, choose Managed Google Play app from the App type dropdown list, and then click Select.

  1. When the Managed Google Play Store opens, search for "ThousandEyes" and select the ThousandEyes Endpoint Agent app from the search results.

  2. After the **ThousandEyes Endpoint Agent app **page loads, click Select to confirm your choice, and then choose Sync.

  3. After you complete the previous step, the ThousandEyes Mobile Endpoint Agent app appears in the Android apps list in Microsoft Intune.

  • It may take a few minutes for the app to appear after syncing.

  • If the app doesn’t appear right away, select Refresh to update the list. This delay is expected and is due to the synchronization process between Managed Google Play and Microsoft Intune.

  1. The addition is successfully completed when the ThousandEyes Mobile Endpoint Agent app appears in the Android apps list in Microsoft Intune.

Creating Configuration Policy for the Application

This section, describes the necessary instructions for app-specific configuration to ensure correct deployment and functionality.

  1. Go to the Configuration section in the left-hand menu. Click Create, then select Managed devices from the dropdown menu.

  1. On the Create app configuration policy page, complete the following steps on the Basics tab:

  • Name: Enter a descriptive name for the app configuration policy.

  • Platform: Select Android Enterprise.

  • Profile type: Choose the profile type that matches your organization’s enrollment method. The available options are:

    • All profile types

    • Fully managed, dedicated, and corporate-owned work profile only

    • Personally-owned work profile only

For this guide, we have selected Fully managed, dedicated, and corporate-owned work profile, since our device is operating in a Fully Managed mode.

The remaining configuration steps are the same for all profile types. However, keep in mind that personally-owned work profile only devices provide less control, so some permissions can’t be granted automatically.

  1. The final step on the Basics tab is to specify the targeted app:

  • Click Select app.

  • In the Associated app list, choose ThousandEyes Endpoint Agent.

  • Select OK to confirm your choice.

  1. Click Next and in the Settings tabs, specify the necessary permissions and configuration parameters. Under Permissions, click +Add, select the three Location Access and Phone state permissions from the Add permissions list, and then click OK.

  1. Set the Permission state to Auto grant for all of the listed permissions.

  2. For the Configuration Settings, choose **Use configuration designer **as the configuration settings format. Then, click +Add, select all three configuration keys required for this application, and click OK.

  1. Configure the following keys:

    • Skip Terms of Service: Set the value to true to automatically accept the terms of service and prevent the user from being prompted.

    • Device Name: Choose a variable or string based on your organization’s naming convention. For this guide, use SerialNumber to ensure each device name is unique.

    • Connection string: This key automatically associates the Mobile Endpoint Agent with the correct ThousandEyes organization. To find the connection string, go to Endpoint Experience > Agent Settings in the ThousandEyes web application and select Add New Endpoint Agent.

    • Click Next to configure the **Assignments **tab.

  2. On the Assignments tab of the configuration policy, specify the users or groups that will receive this configuration. This approach gives you granular control and allows you to create multiple configuration policies with targeted assignments based on your organization’s account groups in the ThousandEyes platform. Assign the policy to groups as needed. In this case, select Add all users.

  3. After configuring the Assignments tab, click Next to move to the Review + create tab.

  4. Review the configuration and click Create to complete the configuration policy creation.

  1. The configuration policy will be displayed under Configuration section.

Deploying the Application to Mobile Devices

This section describes the necessary steps to deploy the ThousandEyes Mobile Endpoint Agent on mobile devices.

  1. Go to the Android apps section and select ThousandEyes Endpoint Agent. Then, navigate to the app’s Properties section.

  1. Click** Edit** next to the Assignments section to add users. Be sure to distinguish between assignments in the app properties and assignments in the app policy. Assigning in the app policy applies configuration settings to the app. Assigning in the app properties determines which users or devices receive the app. In short, app properties assignments control app deployment, while app policy assignments control app settings. For this guide, select Add all users.

  1. Once the Assignments have been configured, click on Review + save.

  2. Review the configuration and click Save to complete the application assignment.

  1. You have now configured Intune to start deploying ThousandEyes Mobile Endpoint Agent application on the mobile endpoints. Please note that the application may not be installed on the target device immediately. The installation depends on the device's check-in cycle with the Intune service.

Verifying the Agent Installation

On the Mobile Device

  1. A few minutes after completing the configuration in Intune, the application installation begins automatically.

  1. The Background Execution permission needs to be granted manually on the mobile device running in Fully Managed Corporate-Owned mode.

  2. Once this permission has been granted, the ThousandEyes Mobile Endpoint Agent will start and register with your ThousandEyes organization using the connection string provided in the Intune application policy configuration.

  3. Upon successful registration, the ThousandEyes Mobile Endpoint Agent uses the mobile device's Serial Number as its name according to the configuration, and the Agent Status shows as successful, indicating correct deployment and connectivity to the ThousandEyes platform.

On ThousandEyes Web UI

To verify that the agent is registered to your ThousandEyes organization, go to Endpoint Experience > Agent Settings in the ThousandEyes UI. The newly installed agent should appear in the list, confirming successful registration and connection to your organization.

PreviousDeploy an MSI package to Intune for Windows DevicesNextEndpoint Agent Installation on Cisco Webex Devices (RoomOS)

Last updated