Skip to main content

Deploying and Using the Fulcrum for Intune Mobile App

A guide for Enterprise Administrators and End-Users on leveraging Fulcrum with Microsoft Intune for enhanced security and management.

K
Written by Katie Briggs
Updated over a week ago

1. Overview: For the Enterprise Administrator

Fulcrum for Intune is our dedicated mobile application for organizations that leverage Microsoft Intune to manage devices and enforce data protection policies.

While our standard mobile app can be deployed via Intune, Fulcrum for Intune is required to fully support:

  • App Protection Policies: Enforce granular security controls, such as requiring a PIN to open the app, restricting copy/paste to unmanaged applications, and blocking app use on non-compliant devices.

  • Conditional Access: Ensure that only users on compliant, managed devices can access your organization's Fulcrum data.

This application ensures that all field data collection and management activities within Fulcrum adhere to your corporate security and compliance standards.

Prerequisites

  • A Fulcrum Enterprise plan with Single Sign-On (SSO) configured.

  • A Microsoft Intune subscription.

  • Users must be licensed for Intune.

  • The 'Fulcrum for Intune' app must be added to your Intune app catalog.

High-Level Deployment Steps

  1. Add the App: In the Intune admin center, add the "Fulcrum for Intune" app (with the briefcase icon) to your app library from the managed Google Play Store or Apple App Store.

  2. Create an App Protection Policy or Edit an Existing One: Define your desired security controls (e.g., "Require PIN for access," "Block screen capture") and apply this policy to the Fulcrum for Intune app.

    1. Add as a Custom App: Select custom apps and add the app with this package name com.spatialnetworks.fulcrum.intunems.

    2. Allow Sending and Receiving Data from Other Apps: The Fulcrum SSO process passes users through a browser in order to authenticate. To facilitate this process, the policy needs to allow data to pass to and from Fulcrum to the browser app. This can be set under the “Data protection” section with the “Send org data to other apps” and “Receive data from other apps” rules.

  3. Assign the App: Assign the app and protection policy to your target user or device groups.


Notes:

  • For non-enrolled devices using App Protection Policies, you will need to enable API permissions in Entra ID.

  • If you are utilizing conditional access that requires App Protection Policies, ensure the browser, most likely Microsoft Edge, used in the SSO process also has App Protection Policies applied. Its policy should allow sending and receiving data to and from Fulcrum for Intune. If you are using “Policy managed apps” for the “Send org data to other apps” rule, you may need to explicitly specify com.spatialnetworks.fulcrum.intunems as an exception for sending data.

2. End-User Guide: Installation & Sign-In

How to Install the App

Your company's IT administrator will make the app available to you. Based on your organization's setup, this will happen in one of three ways:

  • Automatic Installation: The app may be automatically "pushed" to your device and will appear on your home screen or in your work folder.

  • Company Portal (iOS & Android): Open the Intune Company Portal app on your device. Search for "Fulcrum for Intune" and tap Install.

  • Managed App Stores:

    • Android: Open the Play Store with the briefcase icon (your Work Profile Play Store). You will find the app under the "Work" tab.

    • iOS: If your company uses Apple Business Manager, the app may appear as a "Required" app in the standard App Store under your managed account.

Please look for the Fulcrum for Intune app, which has a small briefcase icon on it. If you cannot find it, please contact your IT department.

Signing In for the First Time

  1. Open the Fulcrum for Intune app.

    Fulcrum for Intune app logo

  2. Tap the Secure Sign In button.

    Fulcrum for Intune sign in screen

  3. You will be prompted to sign in to your Microsoft account. Select or enter your corporate credentials.

    Microsoft pick an account screen

  4. You will then be taken to the Fulcrum login screen. Your SSO domain may already be filled in. If not, please enter your company's Fulcrum SSO domain (the same one you use on the web) and tap Sign In.

    Fulcrum Sign sign-on screen

If your company uses app protection policies, you might need to restart the app before finishing sign-in so the policies take effect. If necessary, you'll see a prompt to restart, and the app will close. Just reopen the Fulcrum for Intune app on your device and sign in again.

3. Frequently Asked Questions (FAQ) & Troubleshooting

  • Q: Why are there two Fulcrum apps? Which one do I use?

    • A: The standard "Fulcrum" app is for general use. The "Fulcrum for Intune" app (with the briefcase) is specifically for companies that require enhanced Microsoft security. Your IT administrator will tell you which one you must use. If your company uses Intune, the regular app will likely be blocked.

  • Q: I'm getting an error about "Conditional Access" or my device being "non-compliant."

    • A: This is a security message from your company. It means your device does not meet your organization's security requirements (e.g., the OS is outdated, the device is jailbroken, or a PIN is not set). You must contact your internal IT help desk for assistance.

  • Q: The app is asking for my "SSO Domain." What is that?

    • A: This is your company's unique identifier for logging into Fulcrum. It should be the same one you use to log in to the Fulcrum website. If it's not pre-filled, please contact your IT administrator or manager to get the correct domain.

Related Articles
Downloading the Fulcrum App
Using your mobile device
Managing Updates for Your Fulcrum Mobile App
Collaborating with Other Users in Fulcrum
Setting the Language for the Fulcrum Mobile App
Did this answer your question?